CCNPv8 ENARSI Skills Assessment – Configuration Exam Answers

Jul 12, 2021 Last Updated: Mar 10, 2023 CCNPv8 ENARSI 1 Comment
Tweet Share Pin it

ENARSI Skills Assessment – Configuration (Instructor Version)

Instructor Note: Red font color or gray highlights indicate text that appears in the instructor copy only.

Topology

CCNPv8 ENARSI Skills Assessment - Configuration Exam Answers 2

Addressing Table

Device Interface IPv4 Address/Mask IPv6 Address/Prefix Length Link-Local Address
R1 G0/0/0 209.165.200.1/24 2001:db8:200::1/64 fe80::1:1
G0/0/1 10.165.249.1/24 2001:db8:249::1/64 fe80::1:2
Loopback 0 10.0.0.1/24 2001:db8:10::1/64 fe80::1:3
Loopback 1 10.165.248.1/24 2001:db8:248::1/64 fe80::1:4
R2 G0/0/0 209.165.200.2/24 2001:db8:200::2/64 fe80::2:1
G0/0/1 209.165.201.2/24 2001:db8:201::2/64 fe80::2:2
Loopback 0 172.16.0.1/24 2001:db8:172::1/64 fe80::2:3
Loopback 1 209.165.224.1/24 2001:db8:224::1/64 fe80::2:4
R3 G0/0/0 209.165.201.1/24 2001:db8:201::1/64 fe80::3:1
G0/0/1 192.168.241.1/24 2001:db8:241::1/64 fe80::3:2
Loopback 0 192.168.0.1/24 2001:db8:192::1/64 fe80::3:3
Loopback 1 192.168.240.1/24 2001:db8:240::1/64 fe80::3:4
D1 G1/0/11 10.165.249.2/25 2001:db8:249::2/64 fe80::d1:1
VLAN 250 10.165.250.1/24 2001:db8:24a::1/64 fe80::d1:2
VLAN 251 10.165.251.1/24 2001:db8:24b::1/64 fe80::d1:3
D2 G1/0/11 192.168.241.2/24 2001:db8:241::2/64 fe80::d2:1
VLAN 242 192.168.242.1/24 2001:db8:242::1/64 fe80::d2:2
VLAN 243 192.168.243.1/24 2001:db8:243::1/64 fe80::d2:3
A1 VLAN 250 10.165.250.2/24 2001:db8:24a::2/64 fe80::a1:1
PC1 NIC DHCP SLAAC EUI-64/CGA
PC2 NIC 10.165.251.5/24 2001:db8:24b::5/64 EUI-64/CGA
PC3 NIC DHCP SLAAC EUI-64/CGA
PC4 NIC DHCP SLAAC EUI-64/CGA

Objectives

  • Part 1: Build the Network and Configure Basic Device Settings and Interface Addressing
  • Part 2: Configure Routing to Specifications

Background / Scenario

You have been tasked with configuring routing for the network according to a set of specifications. You must be precise and configure routing to adhere to the requirements provided.

Note: This lab is an exercise in configuring routing options and does not necessarily reflect networking best practices.

Note: The routers used with CCNP hands-on labs are Cisco 4221 with Cisco IOS XE Release 16.9.4 (universalk9 image). The switches used in the labs are Cisco Catalyst 3650 with Cisco IOS XE Release 16.9.4 (universalk9 image) and Cisco Catalyst 2960 with Cisco IOS Release 15.2(2) (lanbasek9 image). Other routers, switches, and Cisco IOS versions can be used. Depending on the model and Cisco IOS version, the commands available and the output produced might vary from what is shown in the labs. Refer to the Router Interface Summary Table at the end of the lab for the correct interface identifiers.

Note: Make sure that the routers and switches have been erased and have no startup configurations. If you are unsure, contact your instructor.

Note: The default Switch Database Manager (SDM) template on a Catalyst 2960 does not support IPv6. You must change the default SDM template to the dual-ipv4-and-ipv6 default template using the sdm prefer dual-ipv4-and-ipv6 default global configuration command. Changing the template will require a reboot.

Instructor Note: Refer to the Instructor Lab Manual for the procedures to initialize and reload devices.

Required Resources

• 3 Routers (Cisco 4221 with Cisco IOS XE Release 16.9.4 universal image or comparable)
• 2 Switches (Cisco 3650 with Cisco IOS XE Release 16.9.4 universal image or comparable)
• 1 Switch (Cisco 2960 with Cisco IOS Release 15.2(2) lanbasek9 image or comparable)
• 4 PCs (Choice of Operating System with terminal emulation program installed)
• Console cables to configure the Cisco IOS devices via the console ports
• Ethernet and serial cables as shown in the topology

Instructions

Part 1: Build the Network and Configure Basic Device Settings and Interface Addressing

In Part 1, you will set up the network topology and configure basic settings and interface addressing on routers.

Step 1: Cable the network as shown in the topology.

Attach the devices as shown in the topology diagram, and cable as necessary.

Step 2: Configure basic settings for each device.

a. Console into each device, enter global configuration mode, and apply the basic settings. The startup configurations for each device are provided below.

Instructor Note: Each device should have the enarsi directory in flash with the appropriate reset.tcl script existing there. If not, use the following scripts to create them:

Router Reset Script

enable 
delete /force /recursive flash:/enarsi
mkdir flash:/enarsi

tclsh
puts [ open "flash:/enarsi/reset.tcl" w+ ] {
typeahead "\n"
copy running-config startup-config
typeahead "\n"
erase startup-config
puts "Reloading the router"
typeahead "\n"
reload
}
tclquit

D1/D2 (Cisco 3650) Reset Script – The default 3650 SDM template supports IPv6, so it is not set by this script.

enable
delete /force /recursive flash:/enarsi
mkdir flash:/enarsi

tclsh
puts [ open "flash:/enarsi/reset.tcl" w+ ] {
typeahead "\n"
copy running-config startup-config
typeahead "\n"
erase startup-config
delete /force vlan.dat
puts "Reloading the switch"
typeahead "\n"
reload
}
tclquit

A1 (Cisco 2960 Script) – The default 2960 SDM template does not support IPv6, so this script includes that setting.

enable
delete /force /recursive flash:/enarsi
mkdir flash:/enarsi

tclsh
puts [ open "flash:/enarsi/reset.tcl" w+ ] {
typeahead "\n"
copy running-config startup-config
typeahead "\n"
erase startup-config
delete /force vlan.dat
delete /force multiple-fs
ios_config "sdm prefer lanbase-routing"
typeahead "\n"
puts "Reloading the switch in 1 minute, type reload cancel to halt"
typeahead "\n"
reload
}
tclquit

Router R1

hostname R1
no ip domain lookup
ipv6 unicast-routing
banner motd # This is R1, ENARSI SA Part 1 #
enable secret cisco12345
username admin privilege 15 algorithm-type scrypt secret cisco12345
interface g0/0/0
 ip address 209.165.200.1 255.255.255.0
 ipv6 address fe80::1:1 link-local
 ipv6 address 2001:db8:200::1/64
 no shutdown
 exit
interface g0/0/1
 ip address 10.165.249.1 255.255.255.0
 ipv6 address fe80::1:2 link-local
 ipv6 address 2001:db8:249::1/64
 no shutdown
 exit
interface s0/1/0
 ip address 209.165.202.1 255.255.255.0
 ipv6 address fe80::1:3 link-local
 ipv6 address 2001:db8:202::1/64
 no shutdown
 exit
interface s0/1/1
 ip address 209.165.203.1 255.255.255.0
 ipv6 address fe80::1:4 link-local
 ipv6 address 2001:db8:203::1/64
 no shutdown
 exit
interface loopback 0
 ip address 10.0.0.1 255.255.255.0
 ipv6 address fe80::1:5 link-local
 ipv6 address 2001:db8:10::1/64
 no shutdown
 exit
interface loopback 1
 ip address 10.165.248.1 255.255.255.0
 ipv6 address fe80::1:6 link-local
 ipv6 address 2001:db8:248::1/64
 no shutdown
 exit
line con 0
 logging synchronous
 exec-timeout 0 0
 exit
line vty 0 4
 login local
 transport input telnet
 exec-timeout 5 0
 exit
alias exec reset.now tclsh flash:/enarsi/reset.tcl
end

Router R2

hostname R2
no ip domain lookup
ipv6 unicast-routing
banner motd # This is R2, ENARSI SA Part 1 #
enable secret cisco12345
username admin privilege 15 algorithm-type scrypt secret cisco12345
interface g0/0/0
 ip address 209.165.200.2 255.255.255.0
 ipv6 address fe80::2:1 link-local
 ipv6 address 2001:db8:200::2/64
 no shutdown
 exit
interface g0/0/1
 ip address 209.165.201.2 255.255.255.0
 ipv6 address fe80::2:2 link-local
 ipv6 address 2001:db8:201::2/64
 no shutdown
 exit
interface loopback 0
 ip address 172.16.0.1 255.255.255.0
 ipv6 address fe80::2:3 link-local
 ipv6 address 2001:db8:172::1/64
 no shutdown
 exit
interface loopback 1
 ip address 209.165.224.1 255.255.255.0
 ipv6 address fe80::2:4 link-local
 ipv6 address 2001:db8:224::1/64
 no shutdown
 exit
line con 0
 logging synchronous
 exec-timeout 0 0
 exit
line vty 0 4
 login local
 transport input telnet
 exec-timeout 5 0
 exit
alias exec reset.now tclsh flash:/enarsi/reset.tcl
end

Router R3

hostname R3
no ip domain lookup
ipv6 unicast-routing
banner motd # This is R3, ENARSI SA Part 1 #
enable secret cisco12345
username admin privilege 15 algorithm-type scrypt secret cisco12345
interface g0/0/0
 ip address 209.165.201.1 255.255.255.0
 ipv6 address fe80::3:1 link-local
 ipv6 address 2001:db8:201::1/64
 no shutdown
 exit
interface g0/0/1
 ip address 192.168.241.1 255.255.255.0
 ipv6 address fe80::3:2 link-local
 ipv6 address 2001:db8:241::1/64
 no shutdown
 exit
interface s0/1/0
 ip address 209.165.202.2 255.255.255.0
 ipv6 address fe80::3:3 link-local
 ipv6 address 2001:db8:202::2/64
 no shutdown
 exit
interface s0/1/1
 ip address 209.165.203.2 255.255.255.0
 ipv6 address fe80::3:4 link-local
 ipv6 address 2001:db8:203::2/64
 no shutdown
 exit
interface loopback 0
 ip address 192.168.0.1 255.255.255.0
 ipv6 address fe80::3:5 link-local
 ipv6 address 2001:db8:192::1/64
 no shutdown
 exit
interface loopback 1
 ip address 192.168.240.1 255.255.255.0
 ipv6 address fe80::3:6 link-local
 ipv6 address 2001:db8:240::1/64
 no shutdown
 exit
line con 0
 logging synchronous
 exec-timeout 0 0
 exit
line vty 0 4
 login local
 transport input telnet
 exec-timeout 5 0
 exit
alias exec reset.now tclsh flash:/enarsi/reset.tcl
end

Switch D1

hostname D1
no ip domain lookup
ip routing
ipv6 unicast-routing
banner motd # This is D1, ENARSI SA Part 1 #
enable secret cisco12345
username admin privilege 15 algorithm-type scrypt secret cisco12345
vlan 250
 name Users
 exit
vlan 251
 name Servers
 exit
interface range g1/0/1-24
 switchport mode access
 shutdown
interface g1/0/11
 no switchport
 ip address 10.165.249.2 255.255.255.0
 ipv6 address fe80::d1:1 link-local
 ipv6 address 2001:db8:249::2/64
 no shutdown
 exit
interface g1/0/23
 switchport mode access
 spanning-tree portfast
 switchport access vlan 250
 no shutdown
 exit
interface vlan 250
 ip address 10.165.250.1 255.255.255.0
 ipv6 address fe80::d1:2 link-local
 ipv6 address 2001:db8:24A::1/64
 no shutdown
 exit
interface vlan 251
 ip address 10.165.251.1 255.255.255.0
 ipv6 address fe80::d1:3 link-local
 ipv6 address 2001:db8:24B::1/64
 no shutdown
 exit
interface range g1/0/5-6
 switchport mode trunk
 channel-group 1 mode active
 no shutdown
 exit
ip dhcp excluded-address 10.165.250.1 10.165.250.5
ip dhcp pool VLAN250DHCP
 network 10.165.250.0 255.255.255.0
 default-router 10.165.250.1
 exit
line con 0
 logging synchronous
 exec-timeout 0 0
 exit
line vty 0 4
 login local
 transport input telnet
 exec-timeout 5 0
 exit
alias exec reset.now tclsh flash:/enarsi/reset.tcl
end

Switch D2

hostname D2
no ip domain lookup
ip routing
ipv6 unicast-routing
banner motd # This is D2, ENARSI SA Part 1 #
enable secret cisco12345
username admin privilege 15 algorithm-type scrypt secret cisco12345
vlan 242
 name Users
 exit
interface range g1/0/1-24
 switchport mode access
 shutdown
interface g1/0/11
 no switchport
 ip address 209.165.241.2 255.255.255.0
 ipv6 address fe80::d2:1 link-local
 ipv6 address 2001:db8:241::2/64
 no shutdown
 exit
interface g1/0/23
 switchport mode access
 spanning-tree portfast
 switchport access vlan 242
 no shutdown
 exit
interface g1/0/24
 switchport mode access
 spanning-tree portfast
 switchport access vlan 243
 no shutdown
 exit
interface vlan 242
 ip address 192.168.242.1 255.255.255.0
 ipv6 address fe80::d2:2 link-local
 ipv6 address 2001:db8:242::1/64
 no shutdown
 exit
interface vlan 243
 ip address 192.168.243.1 255.255.255.0
 ipv6 address fe80::d1:3 link-local
 ipv6 address 2001:db8:243::1/64
 no shutdown
 exit
ip dhcp excluded-address 192.168.242.1 192.168.242.5
ip dhcp pool VLAN242DHCP
 network 192.168.242.0 255.255.255.0
 default-router 192.168.242.1
 exit
ip dhcp excluded-address 192.168.243.1 192.168.243.5
ip dhcp pool VLAN243DHCP
 network 192.168.243.0 255.255.255.0
 default-router 192.168.243.1
 exit
line con 0
 logging synchronous
 exec-timeout 0 0
 exit
line vty 0 4
 login local
 transport input telnet
 exec-timeout 5 0
 exit
alias exec reset.now tclsh flash:/enarsi/reset.tcl
end

Switch A1

hostname A1
no ip domain lookup
banner motd # This is A1, ENARSI SA Part 1 #
enable secret cisco12345
username admin privilege 15 algorithm-type scrypt secret cisco12345
vlan 251
 name Servers
 exit
interface range f0/1-24
 switchport mode access
 shutdown
 exit
interface f0/23
 switchport mode access
 switchport access vlan 250
 spanning-tree portfast
 no shutdown
 exit
interface f0/24
 switchport mode access
 switchport access vlan 251
 spanning-tree portfast
 no shutdown
 exit
interface vlan 250
 ip address 10.165.250.2 255.255.255.0
 ipv6 address fe80::a1:1 link-local
 ipv6 address 2001:db8:24A::2/64
 no shutdown
 exit
ip default-gateway 10.165.250.1
interface f0/23
 shutdown
 exit
interface range f0/1-3
 switchport mode trunk
 channel-group 1 mode active
 no shutdown
 exit
line con 0
 logging synchronous
 exec-timeout 0 0
 exit
line vty 0 4
 login local
 transport input telnet
 exec-timeout 5 0
 exit
alias exec reset.now tclsh flash:/enarsi/reset.tcl
end

b. Set the clock on each device to UTC time.

c. Save the running configuration to startup-config.

d. Verify the IPv4 and IPv6 configuration on hosts as shown in the Addressing Table. PC2 should be manually configured.

Part 2: Configure Routing to Specifications

Implement routing in the network using the following specifications.

Note: The enable secret is cisco12345. If you must provide a username, the configured username is admin.

Step 1: Configure R1 and D1 to communicate using Named EIGRP.

a. Name the process ENARSI-SA and use autonomous system number 1 for both IPv4 and IPv6.

b. Use the router id 0.4.10.1 for R1 and 0.4.10.2 for D1 with address family IPv4.

c. Use the router id 0.6.10.1 for R1 and 0.6.10.2 for D1 with address family IPv6.

d. Advertise individual IPv4 and IPv6 networks attached to R1 and D1. Do not summarize.

e. Ensure R1 interface G0/0/0 does not send or receive EIGRP updates in either address family.

f. Ensure D1 will not form an EIGRP adjacency on interface VLAN 250 or interface VLAN 251 in either address family.

Instructor Note: Commands used to complete this step on R1 include those shown below. Note that the option exists to use passive-interface default and no passive-interface for specific interfaces, or to use passive-interface on specific interfaces only.

router eigrp ENARSI-SA
 address-family ipv4 unicast autonomous-system 1
  eigrp router-id 0.4.10.1
  network 10.0.0.0
  network 10.165.248.0
  network 10.165.249.0
  exit-address-family
 address-family ipv6 unicast autonomous-system 1
  eigrp router-id 0.6.10.1
  af-interface g0/0/0
   shutdown
   exit-af-interface
  exit-address-family
 exit

Instructor Note: Commands used to complete this step on D1 include those shown below. Note that the option exists to use passive-interface default and no passive-interface for specific interfaces, or to use passive-interface on specific interfaces only.

router eigrp ENARSI-SA
 address-family ipv4 unicast autonomous-system 1
  eigrp router-id 0.4.10.2
  network 10.165.249.0
  network 10.165.250.0
  network 10.165.251.0
  af-interface vlan 250
   passive-interface
   exit
  af-interface vlan 251
   passive-interface
   exit
  exit-address-family
 address-family ipv6 unicast autonomous-system 1
  eigrp router-id 0.6.10.2
  af-interface vlan 250
   passive-interface
   exit
  af-interface vlan 251
   passive-interface
   exit
  exit-address-family
 exit
Step 2: Configure R1 to speak BGP for AS 10 using Multi-Protocol BGP.

a. Configure MP-BGP for AS 10 and disable the default IPv4 behavior.

b. Use the BGP router-id 4.6.10.1.

c. Configure neighbor statements as follows:

  1. Establish adjacency with R2 in AS 172 via G0/0/0 using IPv4 and IPv6.
  2. Establish adjacency with R3 in AS 192 via S0/1/0 using IPv4 and IPv6.
  3. Establish adjacency with R3 in AS 192 via S0/1/1 using IPv4 and IPv6.

d. Activate the neighbors under the appropriate unicast address family.

e. Advertise all of the individual networks in AS 10. Do not summarize.

Instructor Note: Commands used to complete this step include the following:

router bgp 10
 no bgp default ipv4-unicast
 bgp router-id 4.6.10.1
 neighbor 209.165.200.2 remote-as 172
 neighbor 209.165.202.2 remote-as 192
 neighbor 209.165.203.2 remote-as 192
 neighbor 2001:db8:200::2 remote-as 172
 neighbor 2001:db8:202::2 remote-as 192
 neighbor 2001:db8:203::2 remote-as 192
 address-family ipv4 unicast
  neighbor 209.165.200.2 activate
  neighbor 209.165.202.2 activate
  neighbor 209.165.203.2 activate
  network 10.165.248.0 mask 255.255.255.0
  network 10.165.249.0 mask 255.255.255.0
  network 10.165.250.0 mask 255.255.255.0
  network 10.165.251.0 mask 255.255.255.0
  network 10.0.0.0 mask 255.255.255.0
  exit
 address-family ipv6 unicast
  neighbor 2001:db8:200::2 activate
  neighbor 2001:db8:202::2 activate
  neighbor 2001:db8:203::2 activate
  network 2001:db8:248::/64
  network 2001:db8:249::/64
  network 2001:db8:24a::/64
  network 2001:db8:24b::/64
  network 2001:db8:10::/64
  exit
 exit
Step 3: Configure R1 to redistribute BGP into EIGRP.

Configure R1 to redistribute BGP 10 into both EIGRP address families with an appropriate metric.

Instructor Note: Commands used to complete this step include those shown below. Note that the option exists to use passive-interface default and no passive-interface for specific interfaces, or to use passive-interface on specific interfaces only.

router eigrp ENARSI-SA
 address-family ipv4 unicast autonomous-system 1
  topology base
   redistribute bgp 10 metric 1000000 10 255 1 1500
   exit
  exit-address-family
 address-family ipv6 unicast autonomous-system 1
  topology base
   redistribute bgp 10 metric 1000000 10 255 1 1500
   exit
exit
Step 4: Configure R2 to speak BGP for AS 172 using Multi-Protocol BGP.

a. Configure static default routes for IPv4 and IPv6 pointed to null0.

b. Configure MP-BGP for AS 172 and disable the default IPv4 behavior.

c. Use the BGP router-id 4.6.172.2.

d. Configure neighbor statements as follows:

  1. Establish adjacency with R1 in AS 10 via G0/0/0 using IPv4 and IPv6.
  2. Establish adjacency with R3 in AS 192 via G0/01 using IPv4 and IPv6.

e. Activate the neighbors under the appropriate unicast address family.

f. Advertise all of the individual networks in AS 10. Do not summarize.

  1. For the default routes, use the network 0.0.0.0 mask 0.0.0.0 and network ::/0 commands.

Instructor Note: Commands used to complete this step include the following:

ip route 0.0.0.0 0.0.0.0 null0
ipv6 route ::/0 null0
router bgp 172
 no bgp default ipv4-unicast
 bgp router-id 4.6.172.2
 neighbor 209.165.200.1 remote-as 10
 neighbor 209.165.201.1 remote-as 192
 neighbor 2001:db8:200::1 remote-as 10
 neighbor 2001:db8:201::1 remote-as 192
 address-family ipv4 unicast
  neighbor 209.165.200.1 activate
  neighbor 209.165.201.1 activate
  network 172.16.0.0 mask 255.255.255.0
  network 209.165.224.0
  network 0.0.0.0 mask 0.0.0.0
  exit
 address-family ipv6 unicast
  neighbor 2001:db8:200::1 activate
  neighbor 2001:db8:201::1 activate
  network 2001:db8:172::/64
  network 2001:db8:224::/64
  network ::/0
  exit
 exit
Step 5: Configure R3 to speak BGP for AS 192 using Multi-Protocol BGP.

a. Configure MP-BGP for AS 10 and disable the default IPv4 behavior.

b. Use the BGP router-id 4.6.192.3.

c. Configure neighbor statements as follows:

  1. Establish adjacency with R2 in AS 172 via G0/0/0 using IPv4 and IPv6.
  2. Establish adjacency with R1 in AS 10 via S0/1/0 using IPv4 and IPv6.
  3. Establish adjacency with R1 in AS 10 via S0/1/1 using IPv4 and IPv6.

d. Activate the neighbors under the appropriate unicast address family.

e. Advertise all of the individual networks in AS 192. Do not summarize.

Instructor Note: Commands used to complete this step include the following:

router bgp 192
 no bgp default ipv4-unicast
 bgp router-id 4.6.192.3
 neighbor 209.165.201.2 remote-as 172
 neighbor 209.165.202.1 remote-as 10
 neighbor 209.165.203.1 remote-as 10
 neighbor 2001:db8:201::2 remote-as 172
 neighbor 2001:db8:202::1 remote-as 10
 neighbor 2001:db8:203::1 remote-as 10
 address-family ipv4 unicast
  neighbor 209.165.201.2 activate
  neighbor 209.165.202.1 activate
  neighbor 209.165.203.1 activate
  network 192.168.240.0
  network 192.168.241.0
  network 192.168.242.0
  network 192.168.243.0
  network 192.168.0.0
  exit
 address-family ipv6 unicast
  neighbor 2001:db8:201::2 activate
  neighbor 2001:db8:202::1 activate
  neighbor 2001:db8:203::1 activate
  network 2001:db8:240::/64
  network 2001:db8:241::/64
  network 2001:db8:242::/64
  network 2001:db8:243::/64
  network 2001:db8:192::/64
  exit
 exit
Step 6: Configure R3 and D2 to communicate using OSPFv3-Address Families.

a. Use OSPFv3 process-id number 1 on both R3 and D2.

b. Use the router id 0.0.192.3 for R3 and 0.0.192.2 for D2.

c. Configure R3 interfaces Loopback 0 and Loopback 1 as OSPF point-to-point networks for both IPv4 and IPv6.

d. Advertise individual IPv4 and IPv6 networks attached to R3 and D2. Do not summarize.

e. Ensure R3 will not form an OSPFv3 adjacency on interface G0/0/0 in either address family.

f. Ensure D2 will not form an OSPFv3 adjacency on interface VLAN 250 or interface VLAN 251 in either address family.

g. Redistribute BGP 192 into OSPFv3 in both address families. Do not specify a custom metric or metric-type.

Instructor Note: Commands used to complete this step on R3 include those shown below. Note that the option exists to use passive-interface default and no passive-interface for specific interfaces, or to use passive-interface on specific interfaces only.

router ospfv3 1
 router-id 0.0.192.3
 address-family ipv4 unicast
  passive-interface default
  no passive-interface g0/0/1
  redistribute bgp 192
  exit
 address-family ipv6 unicast
  passive-interface default
  no passive-interface g0/0/1
  redistribute bgp 192
  exit
 exit
interface g0/0/1
 ospfv3 1 ipv4 area 0
 ospfv3 1 ipv6 area 0
 exit
interface loopback 0
 ip ospf network point-to-point
 ipv6 ospf network point-to-point
 ospfv3 1 ipv4 area 0
 ospfv3 1 ipv6 area 0
 exit
interface loopback 1
 ip ospf network point-to-point
 ipv6 ospf network point-to-point
 ospfv3 1 ipv4 area 0
 ospfv3 1 ipv6 area 0
 exit

Instructor Note: Commands used to complete this step on D2 include those shown below. Note that the option exists to use passive-interface default and no passive-interface for specific interfaces, or to use passive-interface on specific interfaces only.

router ospfv3 1
 router-id 0.0.192.2
 address-family ipv4 unicast
  passive-interface default
  no passive-interface g1/0/11
  exit
 address-family ipv6 unicast
  passive-interface default
  no passive-interface g1/0/11
  exit
 exit
interface g1/0/11
 ospfv3 1 ipv4 area 0
 ospfv3 1 ipv6 area 0
 exit
interface vlan 242
 ospfv3 1 ipv4 area 0
 ospfv3 1 ipv6 area 0
 exit
interface vlan 243
 ospfv3 1 ipv4 area 0
 ospfv3 1 ipv6 area 0
 exit
end
Step 7: Verify Operation.

a. BGP path selection should follow the shortest AS path in all cases.

  1. Traffic moving from R1 to R3 networks should cross a serial interface.
  2. Traffic moving from R1 to R2 or R3 to R2 should cross the GigabitEthernet interfaces.

b. Because there is no security in place, each host should be able to ping every other host and device on the network.

Router Interface Summary Table

Router Model Ethernet Interface #1 Ethernet Interface #2 Serial Interface #1 Serial Interface #2
1800 Fast Ethernet 0/0 (F0/0) Fast Ethernet 0/1 (F0/1) Serial 0/0/0 (S0/0/0) Serial 0/0/1 (S0/0/1)
1900 Gigabit Ethernet 0/0 (G0/0) Gigabit Ethernet 0/1 (G0/1) Serial 0/0/0 (S0/0/0) Serial 0/0/1 (S0/0/1)
2801 Fast Ethernet 0/0 (F0/0) Fast Ethernet 0/1 (F0/1) Serial 0/1/0 (S0/1/0) Serial 0/1/1 (S0/1/1)
2811 Fast Ethernet 0/0 (F0/0) Fast Ethernet 0/1 (F0/1) Serial 0/0/0 (S0/0/0) Serial 0/0/1 (S0/0/1)
2900 Gigabit Ethernet 0/0 (G0/0) Gigabit Ethernet 0/1 (G0/1) Serial 0/0/0 (S0/0/0) Serial 0/0/1 (S0/0/1)
4221 Gigabit Ethernet 0/0/0 (G0/0/0) Gigabit Ethernet 0/0/1 (G0/0/1) Serial 0/1/0 (S0/1/0) Serial 0/1/1 (S0/1/1)
4300 Gigabit Ethernet 0/0/0 (G0/0/0) Gigabit Ethernet 0/0/1 (G0/0/1) Serial 0/1/0 (S0/1/0) Serial 0/1/1 (S0/1/1)

Note: To find out how the router is configured, look at the interfaces to identify the type of router and how many interfaces the router has. There is no way to effectively list all the combinations of configurations for each router class. This table includes identifiers for the possible combinations of Ethernet and Serial interfaces in the device. The table does not include any other type of interface, even though a specific router may contain one. An example of this might be an ISDN BRI interface. The string in parenthesis is the legal abbreviation that can be used in Cisco IOS commands to represent the interface.

Device Configs – Final

Router R1

R1# show run
Building configuration...


Current configuration : 5800 bytes
!
version 16.9
service timestamps debug datetime msec
service timestamps log datetime msec
platform qfp utilization monitor load 80
no platform punt-keepalive disable-kernel-core
!
hostname R1
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$i3nW$PAsFaNnxVNL7g8dsGnSx./
!
no aaa new-model
!
no ip domain lookup
!
login on-success log
!
subscriber templating
!
ipv6 unicast-routing
multilink bundle-name authenticated
!
diagnostic bootup level minimal
!
spanning-tree extend system-id
!
username admin privilege 15 secret 9 $9$ZgwX5rg1yDMSH2$opyuVtGAnPj7f54TPAs78Qs3I7T2ivhLXp9NES4wQnk
!
redundancy
 mode none
!
interface Loopback0
 ip address 10.0.0.1 255.255.255.0
 ipv6 address FE80::1:5 link-local
 ipv6 address 2001:DB8:10::1/64
!
interface Loopback1
 ip address 10.165.248.1 255.255.255.0
 ipv6 address FE80::1:6 link-local
 ipv6 address 2001:DB8:248::1/64
!
interface GigabitEthernet0/0/0
 ip address 209.165.200.1 255.255.255.0
 negotiation auto
 ipv6 address FE80::1:1 link-local
 ipv6 address 2001:DB8:200::1/64
!
interface GigabitEthernet0/0/1
 ip address 10.165.249.1 255.255.255.0
 negotiation auto
 ipv6 address FE80::1:2 link-local
 ipv6 address 2001:DB8:249::1/64
!
interface Serial0/1/0
 ip address 209.165.202.1 255.255.255.0
 ipv6 address FE80::1:3 link-local
 ipv6 address 2001:DB8:202::1/64
!
interface Serial0/1/1
 ip address 209.165.203.1 255.255.255.0
 ipv6 address FE80::1:4 link-local
 ipv6 address 2001:DB8:203::1/64
!
router eigrp ENARSI-SA
 !
 address-family ipv4 unicast autonomous-system 1
  !
  topology base
   redistribute bgp 10 metric 1000000 10 255 1 1500
  exit-af-topology
  network 10.0.0.0
  eigrp router-id 0.4.10.1
 exit-address-family
 !
 address-family ipv6 unicast autonomous-system 1
  !
  af-interface GigabitEthernet0/0/0
   shutdown
  exit-af-interface
  !
  topology base
   redistribute bgp 10 metric 1000000 10 255 1 1500
  exit-af-topology
  eigrp router-id 0.6.10.1
 exit-address-family
!
router bgp 10
 bgp router-id 4.6.10.1
 bgp log-neighbor-changes
 no bgp default ipv4-unicast
 neighbor 2001:DB8:200::2 remote-as 172
 neighbor 2001:DB8:202::2 remote-as 192
 neighbor 2001:DB8:203::2 remote-as 192
 neighbor 209.165.200.2 remote-as 172
 neighbor 209.165.202.2 remote-as 192
 neighbor 209.165.203.2 remote-as 192
 !
 address-family ipv4
  network 10.0.0.0 mask 255.255.255.0
  network 10.165.248.0 mask 255.255.255.0
  network 10.165.249.0 mask 255.255.255.0
  network 10.165.250.0 mask 255.255.255.0
  network 10.165.251.0 mask 255.255.255.0
  neighbor 209.165.200.2 activate
  neighbor 209.165.202.2 activate
  neighbor 209.165.203.2 activate
 exit-address-family
 !
 address-family ipv6
  network 2001:DB8:10::/64
  network 2001:DB8:248::/64
  network 2001:DB8:249::/64
  network 2001:DB8:24A::/64
  network 2001:DB8:24B::/64
  neighbor 2001:DB8:200::2 activate
  neighbor 2001:DB8:202::2 activate
  neighbor 2001:DB8:203::2 activate
 exit-address-family
!
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
!
control-plane
!
banner motd ^C This is R1, ENARSI SA Part 1 ^C
alias exec reset.now tclsh flash:/enarsi/reset.tcl
!
line con 0
 exec-timeout 0 0
 logging synchronous
 transport input none
 stopbits 1
line aux 0
 stopbits 1
line vty 0 4
 exec-timeout 5 0
 login local
 transport input telnet
!
end

Router R2

R2# show run
Building configuration...


Current configuration : 4762 bytes
!
version 16.9
service timestamps debug datetime msec
service timestamps log datetime msec
platform qfp utilization monitor load 80
no platform punt-keepalive disable-kernel-core
!
hostname R2
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$0hz6$/cF4u1wUcY9ssD.S/Npo41
!
no aaa new-model
!
no ip domain lookup
!
login on-success log
!
subscriber templating
!
ipv6 unicast-routing
multilink bundle-name authenticated
!
diagnostic bootup level minimal
!
spanning-tree extend system-id
!
username admin privilege 15 secret 9 $9$.JcOt7LrpkBWq0$qT8H9p97PyDqEJ1VRZrmj8mp2L9wOvmnUei09Nl6M7U
!
redundancy
 mode none
!
interface Loopback0
 ip address 172.16.0.1 255.255.255.0
 ipv6 address FE80::2:3 link-local
 ipv6 address 2001:DB8:172::1/64
!
interface Loopback1
 ip address 209.165.224.1 255.255.255.0
 ipv6 address FE80::2:4 link-local
 ipv6 address 2001:DB8:224::1/64
!
interface GigabitEthernet0/0/0
 ip address 209.165.200.2 255.255.255.0
 negotiation auto
 ipv6 address FE80::2:1 link-local
 ipv6 address 2001:DB8:200::2/64
!
interface GigabitEthernet0/0/1
 ip address 209.165.201.2 255.255.255.0
 negotiation auto
 ipv6 address FE80::2:2 link-local
 ipv6 address 2001:DB8:201::2/64
!
router bgp 172
 bgp router-id 4.6.172.2
 bgp log-neighbor-changes
 no bgp default ipv4-unicast
 neighbor 2001:DB8:200::1 remote-as 10
 neighbor 2001:DB8:201::1 remote-as 192
 neighbor 209.165.200.1 remote-as 10
 neighbor 209.165.201.1 remote-as 192
 !
 address-family ipv4
  network 0.0.0.0
  network 172.16.0.0 mask 255.255.255.0
  network 209.165.224.0
  neighbor 209.165.200.1 activate
  neighbor 209.165.201.1 activate
 exit-address-family
 !
 address-family ipv6
  network ::/0
  network 2001:DB8:172::/64
  network 2001:DB8:224::/64
  neighbor 2001:DB8:200::1 activate
  neighbor 2001:DB8:201::1 activate
 exit-address-family
!
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
ip route 0.0.0.0 0.0.0.0 Null0
!
ipv6 route ::/0 Null0
!
control-plane
!
banner motd ^C This is R2, ENARSI SA Part 1 ^C
alias exec reset.now tclsh flash:/enarsi/reset.tcl
!
line con 0
 exec-timeout 0 0
 logging synchronous
 transport input none
 stopbits 1
line aux 0
 stopbits 1
line vty 0 4
 exec-timeout 5 0
 login local
 transport input telnet
!
end

Router R3

R3# show run
Building configuration...


Current configuration : 5863 bytes
!
version 16.9
service timestamps debug datetime msec
service timestamps log datetime msec
platform qfp utilization monitor load 80
no platform punt-keepalive disable-kernel-core
!
hostname R3
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$XU2w$tRZEn5rFHZG3QuOJ5hNAm.
!
no aaa new-model
!
no ip domain lookup
!
login on-success log
!
subscriber templating
!
ipv6 unicast-routing
multilink bundle-name authenticated
!
diagnostic bootup level minimal
!
spanning-tree extend system-id
!
username admin privilege 15 secret 9 $9$rgAPMVhFfFn7Cu$9S64DkcIhU2PNDhSoSkg.HRSQRya3H2TWOgYKkWwGeU
!
redundancy
 mode none
!
interface Loopback0
 ip address 192.168.0.1 255.255.255.0
 ip ospf network point-to-point
 ipv6 address FE80::3:5 link-local
 ipv6 address 2001:DB8:192::1/64
 ospfv3 1 ipv4 area 0
 ospfv3 1 ipv6 area 0
 ospfv3 1 ipv6 network point-to-point
!
interface Loopback1
 ip address 192.168.240.1 255.255.255.0
 ip ospf network point-to-point
 ipv6 address FE80::3:6 link-local
 ipv6 address 2001:DB8:240::1/64
 ospfv3 1 ipv4 area 0
 ospfv3 1 ipv6 area 0
 ospfv3 1 ipv6 network point-to-point
!
interface GigabitEthernet0/0/0
 ip address 209.165.201.1 255.255.255.0
 negotiation auto
 ipv6 address FE80::3:1 link-local
 ipv6 address 2001:DB8:201::1/64
!
interface GigabitEthernet0/0/1
 ip address 192.168.241.1 255.255.255.0
 negotiation auto
 ipv6 address FE80::3:2 link-local
 ipv6 address 2001:DB8:241::1/64
 ospfv3 1 ipv6 area 0
 ospfv3 1 ipv4 area 0
!
interface Serial0/1/0
 ip address 209.165.202.2 255.255.255.0
 ipv6 address FE80::3:3 link-local
 ipv6 address 2001:DB8:202::2/64
!
interface Serial0/1/1
 ip address 209.165.203.2 255.255.255.0
 ipv6 address FE80::3:4 link-local
 ipv6 address 2001:DB8:203::2/64
!
router ospfv3 1
 router-id 0.0.192.3
 !
 address-family ipv4 unicast
  redistribute bgp 192
  passive-interface default
  no passive-interface GigabitEthernet0/0/1
 exit-address-family
 !
 address-family ipv6 unicast
  passive-interface default
  no passive-interface GigabitEthernet0/0/1
  redistribute bgp 192
 exit-address-family
!
router bgp 192
 bgp router-id 4.6.192.3
 bgp log-neighbor-changes
 no bgp default ipv4-unicast
 neighbor 2001:DB8:201::2 remote-as 172
 neighbor 2001:DB8:202::1 remote-as 10
 neighbor 2001:DB8:203::1 remote-as 10
 neighbor 209.165.201.2 remote-as 172
 neighbor 209.165.202.1 remote-as 10
 neighbor 209.165.203.1 remote-as 10
 !
 address-family ipv4
  network 192.168.0.0
  network 192.168.240.0
  network 192.168.241.0
  network 192.168.242.0
  network 192.168.243.0
  neighbor 209.165.201.2 activate
  neighbor 209.165.202.1 activate
  neighbor 209.165.203.1 activate
 exit-address-family
 !
 address-family ipv6
  network 2001:DB8:192::/64
  network 2001:DB8:240::/64
  network 2001:DB8:241::/64
  network 2001:DB8:242::/64
  network 2001:DB8:243::/64
  neighbor 2001:DB8:201::2 activate
  neighbor 2001:DB8:202::1 activate
  neighbor 2001:DB8:203::1 activate
 exit-address-family
!
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
!
control-plane
!
banner motd ^C This is R3, ENARSI SA Part 1 ^C
alias exec reset.now tclsh flash:/enarsi/reset.tcl
!
line con 0
 exec-timeout 0 0
 logging synchronous
 transport input none
 stopbits 1
line aux 0
 stopbits 1
line vty 0 4
 exec-timeout 5 0
 login local
 transport input telnet
!
end

Switch D1

D1# show run
Building configuration...

Current configuration : 6056 bytes
!
version 16.9
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no platform punt-keepalive disable-kernel-core
!
hostname D1
!
vrf definition Mgmt-vrf
 !
 address-family ipv4
 exit-address-family
 !
 address-family ipv6
 exit-address-family
!
enable secret 5 $1$h1SX$EP/9YI.JI5Ezo9xqSeFPH0
!
no aaa new-model
switch 1 provision ws-c3650-24td
!
ip routing
!
no ip domain lookup
ip dhcp excluded-address 10.165.250.1 10.165.250.5
!
ip dhcp pool VLAN250DHCP
 network 10.165.250.0 255.255.255.0
 default-router 10.165.250.1
!
login on-success log
ipv6 unicast-routing
!
license boot level ipservicesk9
!
diagnostic bootup level minimal
!
spanning-tree mode rapid-pvst
spanning-tree extend system-id
!
username admin privilege 15 secret 9 $9$TST/qp2wBgPRPE$0zzcVAgyPgDETLaDsVKxNG2QjvXU/iplLQC8EFInbNc
!
redundancy
 mode sso
!
transceiver type all
 monitoring
!
class-map match-any system-cpp-police-topology-control
  description Topology control
class-map match-any system-cpp-police-sw-forward
  description Sw forwarding, L2 LVX data, LOGGING
class-map match-any system-cpp-default
  description Inter FED, EWLC control, EWLC data
class-map match-any system-cpp-police-sys-data
  description Learning cache ovfl, High Rate App, Exception, EGR Exception, NFLSAMPLED DATA, RPF Failed
class-map match-any system-cpp-police-punt-webauth
  description Punt Webauth
class-map match-any system-cpp-police-l2lvx-control
  description L2 LVX control packets
class-map match-any system-cpp-police-forus
  description Forus Address resolution and Forus traffic
class-map match-any system-cpp-police-multicast-end-station
  description MCAST END STATION
class-map match-any system-cpp-police-multicast
  description Transit Traffic and MCAST Data
class-map match-any system-cpp-police-l2-control
  description L2 control
class-map match-any system-cpp-police-dot1x-auth
  description DOT1X Auth
class-map match-any system-cpp-police-data
  description ICMP redirect, ICMP_GEN and BROADCAST
class-map match-any system-cpp-police-stackwise-virt-control
  description Stackwise Virtual
class-map match-any non-client-nrt-class
class-map match-any system-cpp-police-routing-control
  description Routing control and Low Latency
class-map match-any system-cpp-police-protocol-snooping
  description Protocol snooping
class-map match-any system-cpp-police-dhcp-snooping
  description DHCP snooping
class-map match-any system-cpp-police-system-critical
  description System Critical and Gold Pkt
!
policy-map system-cpp-policy
!
interface Port-channel1
 switchport mode trunk
!
interface GigabitEthernet0/0
 vrf forwarding Mgmt-vrf
 no ip address
 negotiation auto
!
interface GigabitEthernet1/0/1
 switchport mode access
 shutdown
!
interface GigabitEthernet1/0/2
 switchport mode access
 shutdown
!
interface GigabitEthernet1/0/3
 switchport mode access
 shutdown
!
interface GigabitEthernet1/0/4
 switchport mode access
 shutdown
!
interface GigabitEthernet1/0/5
 switchport mode trunk
 channel-group 1 mode active
!
interface GigabitEthernet1/0/6
 switchport mode trunk
 channel-group 1 mode active
!
interface GigabitEthernet1/0/7
 switchport mode access
 shutdown
!
interface GigabitEthernet1/0/8
 switchport mode access
 shutdown
!
interface GigabitEthernet1/0/9
 switchport mode access
 shutdown
!
interface GigabitEthernet1/0/10
 switchport mode access
 shutdown
!
interface GigabitEthernet1/0/11
 no switchport
 ip address 10.165.249.2 255.255.255.0
 ipv6 address FE80::D1:1 link-local
 ipv6 address 2001:DB8:249::2/64
!
interface GigabitEthernet1/0/12
 switchport mode access
 shutdown
!
interface GigabitEthernet1/0/13
 switchport mode access
 shutdown
!
interface GigabitEthernet1/0/14
 switchport mode access
 shutdown
!
interface GigabitEthernet1/0/15
 switchport mode access
 shutdown
!
interface GigabitEthernet1/0/16
 switchport mode access
 shutdown
!
interface GigabitEthernet1/0/17
 switchport mode access
 shutdown
!
interface GigabitEthernet1/0/18
 switchport mode access
 shutdown
!
interface GigabitEthernet1/0/19
 switchport mode access
 shutdown
!
interface GigabitEthernet1/0/20
 switchport mode access
 shutdown
!
interface GigabitEthernet1/0/21
 switchport mode access
 shutdown
!
interface GigabitEthernet1/0/22
 switchport mode access
 shutdown
!
interface GigabitEthernet1/0/23
 switchport access vlan 250
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet1/0/24
 switchport mode access
 shutdown
!
interface GigabitEthernet1/1/1
!
interface GigabitEthernet1/1/2
!
interface TenGigabitEthernet1/1/3
!
interface TenGigabitEthernet1/1/4
!
interface Vlan1
 no ip address
!
interface Vlan250
 ip address 10.165.250.1 255.255.255.0
 ipv6 address FE80::D1:2 link-local
 ipv6 address 2001:DB8:24A::1/64
!
interface Vlan251
 ip address 10.165.251.1 255.255.255.0
 ipv6 address FE80::D1:3 link-local
 ipv6 address 2001:DB8:24B::1/64
!
router eigrp ENARSI-SA
 !
 address-family ipv4 unicast autonomous-system 1
  !
  af-interface Vlan250
   passive-interface
  exit-af-interface
  !
  af-interface Vlan251
   passive-interface
  exit-af-interface
  !
  topology base
  exit-af-topology
  network 10.0.0.0
  eigrp router-id 0.4.10.2
 exit-address-family
 !
 address-family ipv6 unicast autonomous-system 1
  !
  af-interface Vlan250
   passive-interface
  exit-af-interface
  !
  af-interface Vlan251
   passive-interface
  exit-af-interface
  !
  topology base
  exit-af-topology
  eigrp router-id 0.6.10.2
 exit-address-family
!
ip forward-protocol nd
ip http server
ip http secure-server
!
control-plane
 service-policy input system-cpp-policy
!
banner motd ^C This is D1, ENARSI SA Part 1 ^C
alias exec reset.now tclsh flash:/enarsi/reset.tcl
!
line con 0
 exec-timeout 0 0
 logging synchronous
 stopbits 1
line aux 0
 stopbits 1
line vty 0 4
 exec-timeout 5 0
 login local
 transport input telnet
line vty 5 15
 login
!
end

Switch D2

D2# show run
Building configuration...

Current configuration : 8537 bytes
!
version 16.9
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
! Call-home is enabled by Smart-Licensing.
service call-home
no platform punt-keepalive disable-kernel-core
!
hostname D2
!
vrf definition Mgmt-vrf
 !
 address-family ipv4
 exit-address-family
 !
 address-family ipv6
 exit-address-family
!
enable secret 5 $1$3nks$rSkbJF9PTw7PcUVSoXbsh0
!
no aaa new-model
switch 1 provision ws-c3650-24td
!
ip routing
!
no ip domain lookup
ip dhcp excluded-address 192.168.242.1 192.168.242.5
ip dhcp excluded-address 192.168.243.1 192.168.243.5
!
ip dhcp pool VLAN242DHCP
 network 192.168.242.0 255.255.255.0
 default-router 192.168.242.1
!
ip dhcp pool VLAN243DHCP
 network 192.168.243.0 255.255.255.0
 default-router 192.168.243.1
!
login on-success log
ipv6 unicast-routing
!
license boot level ipservicesk9
!
diagnostic bootup level minimal
!
spanning-tree mode rapid-pvst
spanning-tree extend system-id
!
username admin privilege 15 secret 9 $9$BtIeOeiXAsJMHE$kIykk/3Wal3iCUvdXiJRay1Oh7MAw5nuwRMWuTpBYCg
!
redundancy
 mode sso
!
transceiver type all
 monitoring
!
class-map match-any system-cpp-police-topology-control
  description Topology control
class-map match-any system-cpp-police-sw-forward
  description Sw forwarding, L2 LVX data, LOGGING
class-map match-any system-cpp-default
  description Inter FED, EWLC control, EWLC data
class-map match-any system-cpp-police-sys-data
  description Learning cache ovfl, High Rate App, Exception, EGR Exception, NFLSAMPLED DATA, RPF Failed
class-map match-any system-cpp-police-punt-webauth
  description Punt Webauth
class-map match-any system-cpp-police-l2lvx-control
  description L2 LVX control packets
class-map match-any system-cpp-police-forus
  description Forus Address resolution and Forus traffic
class-map match-any system-cpp-police-multicast-end-station
  description MCAST END STATION
class-map match-any system-cpp-police-multicast
  description Transit Traffic and MCAST Data
class-map match-any system-cpp-police-l2-control
  description L2 control
class-map match-any system-cpp-police-dot1x-auth
  description DOT1X Auth
class-map match-any system-cpp-police-data
  description ICMP redirect, ICMP_GEN and BROADCAST
class-map match-any system-cpp-police-stackwise-virt-control
  description Stackwise Virtual
class-map match-any non-client-nrt-class
class-map match-any system-cpp-police-routing-control
  description Routing control and Low Latency
class-map match-any system-cpp-police-protocol-snooping
  description Protocol snooping
class-map match-any system-cpp-police-dhcp-snooping
  description DHCP snooping
class-map match-any system-cpp-police-system-critical
  description System Critical and Gold Pkt
!
policy-map system-cpp-policy
!
interface GigabitEthernet0/0
 vrf forwarding Mgmt-vrf
 no ip address
 negotiation auto
!
interface GigabitEthernet1/0/1
 switchport mode access
 shutdown
!
interface GigabitEthernet1/0/2
 switchport mode access
 shutdown
!
interface GigabitEthernet1/0/3
 switchport mode access
 shutdown
!
interface GigabitEthernet1/0/4
 switchport mode access
 shutdown
!
interface GigabitEthernet1/0/5
 switchport mode access
 shutdown
!
interface GigabitEthernet1/0/6
 switchport mode access
 shutdown
!
interface GigabitEthernet1/0/7
 switchport mode access
 shutdown
!
interface GigabitEthernet1/0/8
 switchport mode access
 shutdown
!
interface GigabitEthernet1/0/9
 switchport mode access
 shutdown
!
interface GigabitEthernet1/0/10
 switchport mode access
 shutdown
!
interface GigabitEthernet1/0/11
 no switchport
 ip address 209.165.241.2 255.255.255.0
 ipv6 address FE80::D2:1 link-local
 ipv6 address 2001:DB8:241::2/64
 ospfv3 1 ipv6 area 0
 ospfv3 1 ipv4 area 0
!
interface GigabitEthernet1/0/12
 switchport mode access
 shutdown
!
interface GigabitEthernet1/0/13
 switchport mode access
 shutdown
!
interface GigabitEthernet1/0/14
 switchport mode access
 shutdown
!
interface GigabitEthernet1/0/15
 switchport mode access
 shutdown
!
interface GigabitEthernet1/0/16
 switchport mode access
 shutdown
!
interface GigabitEthernet1/0/17
 switchport mode access
 shutdown
!
interface GigabitEthernet1/0/18
 switchport mode access
 shutdown
!
interface GigabitEthernet1/0/19
 switchport mode access
 shutdown
!
interface GigabitEthernet1/0/20
 switchport mode access
 shutdown
!
interface GigabitEthernet1/0/21
 switchport mode access
 shutdown
!
interface GigabitEthernet1/0/22
 switchport mode access
 shutdown
!
interface GigabitEthernet1/0/23
 switchport access vlan 242
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet1/0/24
 switchport access vlan 243
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet1/1/1
!
interface GigabitEthernet1/1/2
!
interface TenGigabitEthernet1/1/3
!
interface TenGigabitEthernet1/1/4
!
interface Vlan1
 no ip address
!
interface Vlan242
 ip address 192.168.242.1 255.255.255.0
 ipv6 address FE80::D2:2 link-local
 ipv6 address 2001:DB8:242::1/64
 ospfv3 1 ipv6 area 0
 ospfv3 1 ipv4 area 0
!
interface Vlan243
 ip address 192.168.243.1 255.255.255.0
 ipv6 address FE80::D1:3 link-local
 ipv6 address 2001:DB8:243::1/64
 ospfv3 1 ipv6 area 0
 ospfv3 1 ipv4 area 0
!
router ospfv3 1
 router-id 0.0.192.2
 !
 address-family ipv4 unicast
  passive-interface default
  no passive-interface GigabitEthernet1/0/11
 exit-address-family
 !
 address-family ipv6 unicast
  passive-interface default
  no passive-interface GigabitEthernet1/0/11
 exit-address-family
!
ip forward-protocol nd
ip http server
ip http secure-server
!
control-plane
 service-policy input system-cpp-policy
!
banner motd ^C This is D2, ENARSI SA Part 1 ^C
alias exec reset.now tclsh flash:/enarsi/reset.tcl
!
line con 0
 exec-timeout 0 0
 logging synchronous
 stopbits 1
line aux 0
 stopbits 1
line vty 0 4
 exec-timeout 5 0
 login local
 transport input telnet
line vty 5 15
 login
!
end

Switch A1

A1# show run
Building configuration...

Current configuration : 2913 bytes
!
version 15.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname A1
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$bzXo$MB8eSj50SJX0CYl0asS/X.
!
username admin privilege 15 secret 9 $9$0q7QXDhijplHc1$sUT0sCoRPpUoTTIxokrQb3j9VGMiOd/w3RdCLZirVJQ
no aaa new-model
system mtu routing 1500
!
no ip domain-lookup
!
spanning-tree mode rapid-pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
!
interface Port-channel1
 switchport mode trunk
!
interface FastEthernet0/1
 switchport mode trunk
 channel-group 1 mode active
!
interface FastEthernet0/2
 switchport mode trunk
 channel-group 1 mode active
!
interface FastEthernet0/3
 switchport mode trunk
 channel-group 1 mode active
!
interface FastEthernet0/4
 switchport mode access
 shutdown
!
interface FastEthernet0/5
 switchport mode access
 shutdown
!
interface FastEthernet0/6
 switchport mode access
 shutdown
!
interface FastEthernet0/7
 switchport mode access
 shutdown
!
interface FastEthernet0/8
 switchport mode access
 shutdown
!
interface FastEthernet0/9
 switchport mode access
 shutdown
!
interface FastEthernet0/10
 switchport mode access
 shutdown
!
interface FastEthernet0/11
 switchport mode access
 shutdown
!
interface FastEthernet0/12
 switchport mode access
 shutdown
!
interface FastEthernet0/13
 switchport mode access
 shutdown
!
interface FastEthernet0/14
 switchport mode access
 shutdown
!
interface FastEthernet0/15
 switchport mode access
 shutdown
!
interface FastEthernet0/16
 switchport mode access
 shutdown
!
interface FastEthernet0/17
 switchport mode access
 shutdown
!
interface FastEthernet0/18
 switchport mode access
 shutdown
!
interface FastEthernet0/19
 switchport mode access
 shutdown
!
interface FastEthernet0/20
 switchport mode access
 shutdown
!
interface FastEthernet0/21
 switchport mode access
 shutdown
!
interface FastEthernet0/22
 switchport mode access
 shutdown
!
interface FastEthernet0/23
 switchport access vlan 250
 switchport mode access
 shutdown
 spanning-tree portfast edge
!
interface FastEthernet0/24
 switchport access vlan 251
 switchport mode access
 spanning-tree portfast edge
!
interface GigabitEthernet0/1
!
interface GigabitEthernet0/2
!
interface Vlan1
 no ip address
!
interface Vlan250
 ip address 10.165.250.2 255.255.255.0
 ipv6 address FE80::A1:1 link-local
 ipv6 address 2001:DB8:24A::2/64
!
ip default-gateway 10.165.250.1
ip http server
ip http secure-server
!
banner motd ^C This is A1, ENARSI SA Part 1 ^C
alias exec reset.now tclsh flash:/enarsi/reset.tcl
!
line con 0
 exec-timeout 0 0
 logging synchronous
line vty 0 4
 exec-timeout 5 0
 login local
 transport input telnet
line vty 5 15
 login
!
end

 

 

Subscribe
Notify of
guest

1 Comment
Inline Feedbacks
View all comments
erish30
erish30
2 years ago

Config for D2 has been altered by unknow source.

interface g1/0/11
 no switchport
 ip address 209.165.241.2 255.255.255.0

Is wrong address. Correct address is 192.168.241.2.

A1 also has 

f0/23
 shutdown

command that could be wrong.

Reply