Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Just Passed! Corrected Labs and Advice
#2
Part 2

### Archive Logging/SNMP Config (Verified Solution)
### Tasks
Troubleshoot R-WEST to achieve the desire kd results:
1. All the commands should be locally saved to the router as well as sent to the Syslog server except passwords.
2. All the Cisco OSPF LSA traps should be sent to the SNMP server.
### Solution
**R-WEST**
en
conf t
archive
log config
logging enable
hidekeys
notify syslog
snmp-server enable traps
snmp-server enable traps ospf lsa
snmp-server enable traps cisco-specific lsa
wr
---
### EIGRP Route Manipulation #1 (Verified Solution)
### Tasks
![sim-eigrp-route-manipulation-topology-1.png](https://prod-files-secure.s3.us-west-2.a...logy-1.png)
Troubleshoot and resolve the issues to achieve these goals:
1. Ensure that R1 reaches the prefix 10.6.66.6 without any single point of failure in the path. Do not use a static route or policy-based routing to accomplish this.
2. Ensure that R1 loopback 1 reaches to R6’s loopback 1 by following the path through R1, R3, R5 to R6 and vice versa. Use metric values K1=100000, K2=1, K3=255, K4=10, K5=1500 to modify the default metric in EIGRP if required. Do not use a route-map.
3. Ensure that on R3, prefix 10.0.56.6/32 uses the SP1 to route to the Internet, whereas prefix 172.16.12.2/32 uses the SP2 to route to the Internet. Do not use BGP to accomplish this. Use the pre-configured route-maps SP1 and SP2 and modify to accomplish the task if required. Use the ping and trace commands from R6 and R2 to prefixes 209.165.202.132 and 209.165.202.128, respectively to verify results.
### Solution
**R3**
conf t
router eigrp 10
no distance 255 0.0.0.0 255.255.255.255 66
redistribute ospf 10 metric 100000 1 255 10 1500
route-map SP1 permit 10
set ip next-hop 209.165.201.2
route-map SP2 permit 10
set ip next-hop 209.165.200.226
int e0/1
ip policy route-map SP1
int e0/0
ip policy route-map SP2
end
wr
**R4**
en
conf t
router eigrp 10
no distance 0.0.0.0 255.255.255.255 66
wr
---
### EIGRP Route Manipulation #2
### Tasks
Troubleshoot and resolve the issues to achieve these goals:
1. Ensure that R2 reaches the prefix 10.5.55.5 without any single point of failure in the path. Do not use a static route or policy-based routing to accomplish this.
2. Ensure that R1 loopback 0 reaches to R6’s loopback 0 by following the path through R1, R5 to R6 and vice versa. Use metric values K1=100000, K2=1, K3=255, K4=10, K5=1500 to modify the default metric in EIGRP if required. Do not use a route-map.
3. Ensure that on R3, prefix 10.0.0.0/8 uses the SP1 to route to the Internet, whereas prefix 172.16.0.0/12 uses the SP2 to route to the Internet. Do not use BGP to accomplish this. Use the pre-configured route-maps SP1 and SP2 and modify to accomplish the task if required. Use the ping and trace commands from R5 and R1 to verify results.
### Solution
**R3**
conf t
router eigrp 10
no distance 255 0.0.0.0 255.255.255.255 66
redistribute ospf 10 metric 100000 255 10 1 1500
route-map SP1 permit 10
set ip next-hop 209.165.201.2
route-map SP2 permit 10
set ip next-hop 209.165.200.226
int e0/1
ip policy route-map SP1
int e0/0
ip policy route-map SP2
wr
**R4**
en
conf t
router eigrp 10
no distance 255 0.0.0.0.0 255.255.255.255 5
wr
---
### EIGRP Route Manipulation #3 (Verified Solution)
### Tasks
Troubleshoot and resolve the issues to achieve these goals:
1. Ensure that R6 reaches the prefix 10.9.99.9. Manipulate the first basic routing decision-making criteria of longest prefix match that if a router learns a route from different routing protocols, the longest matched prefix can be changed. Use decimal value of 75 if required to accomplish this. Do not use a route-map.
2. Ensure that R2 loopback 1 reaches to R5's loopback 1 by following the path through R2, R4, R6 to R5 and R5 loopback 1 reaches R2's loopback 1 by following the path through R5, R6, R4 to R2. Use metric values K1= 100000, K2=1, K3=255, K4=10, K5=1500 to modify the default metric in EIGRP if required. Do not add or modify the default-metric command under router eigrp 10. Do not use a route-map to set metrics.
3. Ensure that on R3, prefix 10.0.56.6/32 uses the SP1 to route to the Internet, whereas prefix 172.16.12.2/32 uses the SP2 to route to the Internet. Do not use BGP to accomplish this. Use the pre-configured route-maps INTERNET1 and INTERNET2, and modify to accomplish the task if required. Use the ping and trace commands from R6 and R2 to prefixes 209.165.202.146 and 209.165.202.158, respectively to verify the results.
### Solution
**R3**
conf t
route-map INTERNET1 permit 10
set ip next-hop 209.165.200.237
route-map INTERNET2 permit 10
set ip next-hop 209.165.200.229
int e0/1
ip policy route-map INTERNET1
int e0/0
ip policy route-map INTERNET2
wr
**R4**
en
conf t
router rip
distance 75
router eigrp 10
no distance 255 0.0.0.0 255.255.255.255
redistribute ospf 10 metric 10000 255 10 1 1500
router ospf 10
redistribute eigrp 10 metric 10
wr
---
### BGP Troubleshooting (Solution Kinda Verified)
### Tasks
![sim-bgp-topology.png](https://prod-files-secure.s3.us-west-2.a...pology.png)
A company is connected to an ISP and some of the networks between the ISP and the company are not reachable. Troubleshoot and resolve the issues to achieve these goals:
1. A single /16 is advertised for all infrastructure-connected interfaces that belong to the 10.20.x.x network using BGP network commands from border routers connected to the ISP. Configuration modification is allowed in R4 and R5 to achieve the results. Do not use the BGP aggregate command.
2. R6 receives the ISP R2 Loopback2 from R4 and receives a summary address for both Loopbacks of ISP R2 from R4 or R5. Use BGP attribute local-preference, add <default value + router number>, for example, for R6, use "default+6=value to be used". Use the existing prefix lists or route maps with the sequence numbering starting at 10 and added in increments of 10.
3. R6 receives the ISP R2 Loopback1 from R5 and receives a summary address for both Loopbacks of ISP R2 from R4 or R5 using the same guidelines.
4. R6 advertises its Loopback1 /24 address through BGP.
### Solution
**R4**
conf t
ip route 10.20.0.0 255.255.0.0 null0
no ip prefix-list AS65001-in
access-list 10 permit 192.168.2.0 0.0.0.255
route-map LOCAL permit 10
match ip address 10
set local-preference 104
router bgp 65000
neighbor 10.20.6.6 route-map LOCAL out
route-map AS65001-in permit 20
match ip address prefix-list AS65001-in
set local-preference 104
clear ip bgp * soft
wr
**R5**
conf t
ip route 10.20.0.0 255.255.0.0 null0
no ip prefix-list AS65001-in
access-list 10 permit 192.168.3.0 0.0.0.255
route-map LOCAL permit 10
match ip address 10
set local-preference 105
router bgp 65000
neighbor 10.20.6.6 route-map LOCAL out
route-map AS65001-in permit 20
match ip address prefix-list AS65001-in
set local-preference 105
clear ip bgp * soft
wr
**R6**
conf t
router bgp 65000
address-family ipv4
network 172.16.6.0 mask 255.255.255.0
wr
---
### AAA & ACL Lab (Solution Verified?)
### Tasks
Troubleshoot and resolve the issues on West and East routers to achieve these goals:
1. SW2 should only allow telnet access from ISP router's Loopback 0 using the AAA services.
Fix the configs on SW2 to achieve this. Use preconfigured access-list ISP without removing the existing rule.
2. East router is configured to perform forwarding table lookup on an IP packet's source
address, and it checks the incoming interface to reduce the risk of IP Address spoofing. Fix the issue where some East Router fails to ping destinations which are reachable via default route such as loopback 16 on ISP router. Do not advertise this interface into ospf and neither use a static route on East router to perform this task.
You must remove wrong preconfigs that have impact on tasks you are performing to fix
issues.
Enable password is 'Cisco' on all devices
SW2: Local username is "SW2" and password is "Cisco"
## Starting Configs
**ISP**
ISP#sh run
Building configuration ...
Current confliguration : 1393 bytes
!
version 15.8
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname ISP
!
boot-start-marker
boot-end-marker
!
no aaa new-model
!
!
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
!
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
redundancy
!
!
interface Loopback0
ip address 172.16.0.100 255.255.255.255
ip ospf 1 area 0
interface Loopback16
ip address 172.16.16.16 255.255.255.255
interface Ethernet0/0
ip address 10.0.10.1 255.255.255.252
ip ospf 1 area 1
duplex auto
!
interface Ethernet0/1
ip address 10.0.20.1 255.255.255.252
ip ospf 1 area 0
duplex auto
!
interface Ethernet0/2
no ip address
duplex auto
!
interface Ethernet0/3
no ip address
duplex auto
!
interface Ethernet1/0
no ip address
duplex auto
!
interface Ethernet1/1
no ip address
duplex auto
!
interface Ethernet1/2
no ip address
duplex auto
!
interface Ethernet1/3
no ip address
duplex auto
!
router ospf 1
default-information originate always
!
ip forward-protocol nd
!
!
!
ip http server
no ip http secure-server
!
ipv6 ioam timestamp
!
control-plane
!
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
line aux 0
line vty 0 4
login
transport input none
!
!
end
**East**
East#sh run
Building configuration ...
!
Current configuration : 1262 bytes
!
version 15.8
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname East
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
!
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
!
!
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
redundancy
!
interface Ethernet0/0
ip address 192.168.10.1 255.255.255.0
duplex auto
!
interface Ethernet0/1
ip address 10.0.10.2 255.255.255.252
ip verify unicast source reachable-via rx
duplex auto
!
interface Ethernet0/2
no ip address
duplex auto
!
!
interface Ethernet0/3
no ip address
duplex auto
!
interface Ethernet1/0
no ip address
duplex auto
!
interface Ethernet1/1
no ip address
duplex auto
!
interface Ethernet1/2
no ip address
duplex auto
!
interface Ethernet1/3
no ip address
duplex auto
!
router ospf 1
network 0.0.0.0 255.255.255.255 area 1
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
!
ipv6 ioam timestamp
!
!
!
control-plane
!
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
line aux 0
line vty 0 4
login
transport input none
!
!
end
**West**
West#sh run
Building configuration ...
!
Current configuration : 1281 bytes
!
version 15.8
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname West
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
!
!
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
!
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
redundancy
!
!
!
!
!
interface Ethernet0/0
ip address 192.168.20.1 255.255.255.0
duplex auto
!
interface Ethernet0/1
ip address 10.0.20.2 255.255.255.252
duplex auto
!
interface Ethernet0/2
no ip address
duplex auto
!
interface Ethernet0/3
no ip address
duplex auto
!
interface Ethernet1/0
no ip address
!
interface Ethernet1/1
no ip address
duplex auto
!
interface Ethernet1/2
no ip address
duplex auto
!
interface Ethernet1/3
no ip address
duplex auto
!
router ospf 1
passive-interface Ethernet0/0
network 10.0.20.2 0.0.0.0 area 0
network 192.168.20.1 0.0.0.0 area 2
!
ip forward-protocol nd
!
!
no ip http server
!
!
no ip http server
no ip http secure-server
!
ipv6 ioam timestamp
!
!
!
control-plane
!
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
line aux 0
line vty 0 4
login
transport input none
!
!
end
**SW2**
SW2#sh run
Building configuration ...
!
Current configuration : 1359 bytes
!
! Last configuration change at xx:xx:xx UTC Weekday Month Day 2024
!
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
service compress-config
!
hostname SW2
!
boot-start-marker
boot-end-marker
!
!
enable secret 5 $1$HuWP$gE0KrE2aM2/VIhls6fnLB/
!
username SW2 secret 5 $1$lroA$vInoDRIF5jFxygAIB4NQL1
aaa new-model
!
!
aaa authentication login telnet local
!
!
aaa session-id common
!
no ip domain-lookup
ip domain-name [cisco.com](http://cisco.com/)
ip cef
no ipv6 cef
!
spanning-tree mode pvst
spanning-tree extend system-id
!
!
!
interface Ethernet0/0
no switchport
ip address 192.168.20.2 255.255.255.0
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet1/0
!
interface Ethernet1/1
!
interface Ethernet1/2
!
interface Ethernet1/3
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
ip route 0.0.0.0 0.0.0.0 192.168.20.1
!
ip ssh server algorithm encryption aes128-ctr aes192-ctr aes256-ctr
ip ssh client algorithm encryption aes128-ctr aes192-ctr aes256-ctr
!
ip access-list standard ISP
deny any log
!
!
!
!
!
control-plane
!
!
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
line aux 0
line vty 0 4
access-class ISP in
exec-timeout 0 0
transport input ssh
!
!
end
### Solution
**SW2**
ip access-list standard ISP
5 permit 172.16.0.100
line vty 0 4
transport input telnet
login authentication telnet
**East**
configure terminal
interface Ethernet0/1
no ip verify unicast source reachable-via rx
ip verify unicast source reachable-via rx allow-default




And here is the ChatGPT prompt I used to create a custom GPT where I just added the labs as a .txt file. Good luck on the exam. You can do it!

--------

Purpose
This GPT is designed to serve as an interactive trainer for Cisco ENARSI 300-410 exam preparation, focusing on the effective use of IOS commands. It should guide users through the configuration and troubleshooting of various networking scenarios using a simulated command line interface.

General Behavior
User Guidance and Interaction:

Present a list of training topics upon initialization.
Allow the user to select a topic from the list to begin the lesson.
Guide the user step-by-step through the required IOS commands for the selected scenario.
Provide explanations for each command, including its purpose and usage.
Respond to incorrect commands or sequences with corrective guidance.
If the user requests a lab solution directly, provide only the exact solution from the documentation without improvisation or additional commentary.
If the user asks for an explanation or step-by-step guidance, offer additional context and walk through the commands, explaining the purpose of each step.
Command Line Simulation:

Simulate a realistic CLI environment for entering IOS commands.
Process and validate the entered commands as they would function in an actual Cisco device.
Offer feedback on command syntax, sequence, and context to help users understand the practical application.
Feedback and Assessment:

Provide immediate feedback for each command, indicating whether it is correct or incorrect.
Offer detailed explanations for incorrect commands, suggesting the correct command or sequence.
After each simulation, give a summary of performance, highlighting areas of improvement and providing additional resources or suggestions for further study.
Learning Reinforcement:

Include checkpoints within each scenario to review key concepts.
Present mini-quizzes or challenges at the end of each topic to reinforce learning.
Encourage the user to repeat topics as needed to master the command sequences.
Specific Instructions for Each Topic, please walk the user through the solution provided, but use the rest of the context of the question to get started - let the user know the topic of the lab and the tasks. Remember that we are challenging the user and we do not want to provide all of the lines all at once. Just provide a few lines of commands at a time, and ask the user to copy them. Refer to the uploaded file
Reply


Messages In This Thread
RE: Just Passed! Corrected Labs and Advice - by jupertino - 10-14-2024, 04:15 AM

Forum Jump:


Users browsing this thread: 2 Guest(s)