Here is Lab 1
Regards,

Tyson Scott - CCIE #13513 R&S, Security, and SP
Managing Partner / Sr. Instructor - IPexpert, Inc.
Mailto: [email protected]
Telephone: +1.810.326.1444, ext. 208
Live Assistance, Please visit: www.ipexpert.com/chat
eFax: +1.810.454.0130

IPexpert is a premier provider of Self-Study Workbooks, Video on Demand, Audio Tools, Online Hardware Rental and Classroom Training for the Cisco CCIE (R&S, Voice, Security & Service Provider) certification(s) with training locations throughout the United States, Europe, South Asia and Australia. Be sure to visit our online communities at www.ipexpert.com/communities and our public website at www.ipexpert.com

From: Aaron O'Conner [mailto:[email protected]]
Sent: Thursday, September 09, 2010 3:26 PM
To: Tyson Scott; [email protected]
Subject: RE: [OSL | CCIE_Security] Yusuf's Practice labs

Tyson,

I have been working with support today on this. It appears that the auto load script is not working. They said that they don't have a copy of the configs. I'm trying to load them right now before my time runs out to get a copy. I didn't see those in my ipexpert account either. Is this something that you can get me, or do I need to make my own?

Thanks
Aaron

From: Tyson Scott [mailto:[email protected]]
Sent: Thursday, September 09, 2010 10:03 AM
To: Aaron O'Conner; [email protected]
Subject: RE: [OSL | CCIE_Security] Yusuf's Practice labs

They are under volume 1 in the auto load scripts. Note that the Yusuf device name and our device name don't necessarily jive as I had to change them around to fit more closely the connections required for the lab.

Regards,

Tyson Scott - CCIE #13513 R&S, Security, and SP
Managing Partner / Sr. Instructor - IPexpert, Inc.

From: [email protected] [mailto:[email protected]] On Behalf Of Aaron O'Conner
Sent: Thursday, September 09, 2010 10:50 AM
To: [email protected]
Subject: [OSL | CCIE_Security] Yusuf's Practice labs

Hello everyone.

I wanted to see if anyone had any configs for Yusuf's practice labs that they use for the proctor labs equipment? I wanted to run through those before sitting my lab. If anyone does have them, could you please send them my way :). I don't need the final ones if you guys don't have them, just the initial ones. Otherwise if nobody has them I will try to go through and make it work and share what I have.

Thanks again,
Aaron

!################################
!# ASA2 Initial Configuration #
!################################
: Security context mode: single
hostname ASA2
enable password cisco
passwd cisco
names
!
interface Ethernet0/0
 no nameif
 no security-level
 no ip address
 no shutdown
!
interface Ethernet0/1
 nameif inside
 security-level 100
 ip address 192.168.10.10 255.255.255.0
 no shutdown
!
interface Ethernet0/2
 no nameif
 no security-level
 no ip address
 no shutdown
!
interface Ethernet0/3
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Management0/0
 shutdown
 no nameif
 no security-level
 no ip address
 management-only
!
interface Redundant1
 member-interface Ethernet0/0
 member-interface Ethernet0/2
 nameif outside
 security-level 0
 ip address 192.168.9.10 255.255.255.0
 no shutdown
!
access-list 100 extended permit icmp any any
icmp unreachable rate-limit 1 burst-size 1
access-group 100 in interface outside
!
router eigrp 10
 no auto-summary
 network 192.168.10.0 255.255.255.0
 redistribute ospf 1 metric 1 1 1 1 1
!
router ospf 1
 network 192.168.9.0 255.255.255.0 area 0
 log-adj-changes
 redistribute eigrp 10 metric 1 subnets
!
route outside 0.0.0.0 0.0.0.0 192.168.9.4 1 track 1
route outside 0.0.0.0 0.0.0.0 192.168.9.3 2
dynamic-access-policy-record DfltAccessPolicy
sla monitor 444
 type echo protocol ipIcmpEcho 10.4.4.4 interface outside
 num-packets 3
 frequency 5
sla monitor schedule 444 life forever start-time now
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
!
track 1 rtr 444 reachability
telnet timeout 5
ssh timeout 5
console timeout 0
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
!
service-policy global_policy global
prompt hostname context
: end

!################################
!# Sw1 Initial Configuration #
!################################
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Sw1
!
vtp mode server
vtp domain ccie
vtp password cisco
!
vlan 2
vlan 3
vlan 4
vlan 5
vlan 9
vlan 50
vlan 101
vlan 102
vlan 201
vlan 202
!
no logging console
enable password cisco
ip subnet-zero
ip tcp synwait-time 5
no ip domain lookup
no aaa new-model
ip subnet-zero
ip routing
no ip domain-lookup
ip domain-name cisco.com
ip tcp synwait-time 5
!
vlan access-map abc 10
 action drop
 match ip address 101
vlan access-map abc 20
 action forward
!
vlan filter abc vlan-list 4
!
interface Loopback0
 ip address 10.7.7.7 255.255.255.0
!
interface Loopback1
 ip address 172.16.1.1 255.255.255.0
!
!
interface FastEthernet0/4
 switchport access vlan 9
 switchport mode access
!
interface FastEthernet0/5
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 102,202
 switchport mode trunk
!
interface FastEthernet0/10
 switchport access vlan 101
 switchport mode access
!
interface FastEthernet0/11
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface FastEthernet0/12
 switchport access vlan 201
 switchport mode access
!
interface FastEthernet0/13
 no switchport
 ip address 192.168.8.11 255.255.255.0
!
interface FastEthernet0/14
 switchport access vlan 2
 switchport mode access
!
interface FastEthernet0/15
 switchport access vlan 5
 switchport mode access
!
interface FastEthernet0/23
 switchport trunk encapsulation dot1q
 switchport mode trunk
 spanning-tree portfast trunk
!
interface FastEthernet0/24
 switchport trunk encapsulation dot1q
 switchport mode trunk
 spanning-tree portfast trunk
!
interface GigabitEthernet0/1
!
interface GigabitEthernet0/2
!
interface Vlan1
 no ip address
 shutdown
!
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.8.10
ip http server
ip http secure-server
!
!
access-list 101 permit ip host 192.168.4.11 host 192.168.3.11
access-list 101 permit ip host 192.168.4.11 host 192.168.64.4
!!
line con 0
 exec-timeout 0 0
 password cisco
 logging synchronous
 login
line vty 0 4
 exec-timeout 0 0
 password cisco
 logging synchronous
 login
 transport input telnet
line vty 5 15
 login
!
end

!################################
!# Sw2 Initial Configuration #
!################################
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Sw2
vtp mode Client
vtp domain ccie
vtp password cisco
!
no logging console
enable password cisco
ip subnet-zero
ip tcp synwait-time 5
no ip domain lookup
no aaa new-model
ip subnet-zero
ip routing
no ip domain-lookup
ip domain-name cisco.com
ip tcp synwait-time 5
!
interface Loopback0
 ip address 10.8.8.8 255.255.255.0
!
interface FastEthernet0/6
 no switchport
 ip address 192.168.11.11 255.255.255.0
!
interface FastEthernet0/7
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 2,3
 switchport mode trunk
!
!
interface FastEthernet0/8
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 4,5
 switchport mode trunk
!
!
interface FastEthernet0/9
 switchport access vlan 9
 switchport mode access
!
interface FastEthernet0/10
 switchport access vlan 9
 switchport mode access
!
interface FastEthernet0/11
 no switchport
 ip address 192.168.10.11 255.255.255.0
!
interface FastEthernet0/12
 switchport access vlan 9
 switchport mode access
!
interface FastEthernet0/13
!
interface FastEthernet0/14
 switchport access vlan 2
 switchport mode access
!
interface FastEthernet0/15
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 101,102
 switchport mode trunk
!
interface FastEthernet0/16
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 201,202
 switchport mode trunk
!
interface FastEthernet0/23
 switchport trunk encapsulation dot1q
 switchport mode trunk
 spanning-tree portfast trunk
!
interface FastEthernet0/24
 switchport trunk encapsulation dot1q
 switchport mode trunk
 spanning-tree portfast trunk
!
interface GigabitEthernet0/1
!
interface GigabitEthernet0/2
!
interface Vlan1
 no ip address
 shutdown
!
!
router eigrp 10
 no auto-summary
 network 10.8.8.0 0.0.0.255
 network 192.168.10.0
!
ip classless
ip http server
ip http secure-server
!
line con 0
 exec-timeout 0 0
 password cisco
 logging synchronous
 login
line vty 0 4
 exec-timeout 0 0
 password cisco
 logging synchronous
 login
 transport input telnet
line vty 5 15
 login
!
end

!################################
!# R4 Initial Configuration #
!################################
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R4
no logging console
enable password cisco
no aaa new-model
ip source-route
ip cef
no ip domain lookup
ip domain name cisco.com
no ipv6 cef
!
frame-relay switching
ip tcp synwait-time 5
!
crypto isakmp policy 10
 hash md5
 authentication pre-share
 group 2
crypto isakmp key cisco address 0.0.0.0 0.0.0.0
!
crypto ipsec transform-set cisco esp-3des esp-md5-hmac
 mode transport
!
crypto ipsec profile dmvpn
 set transform-set cisco
!
interface Loopback1
 ip address 44.44.44.44 255.255.255.0
!
interface Loopback0
 ip address 10.4.4.4 255.255.255.0
!
!
interface f0/1
 ip address 192.168.9.4 255.255.255.0
 no shutdown
!
interface Serial0/0/0
 no shut
 encap frame
!
!
interface Serial0/0/0.1 point-to-point
 ip address 192.168.64.4 255.255.255.0
 ip ospf network point-to-point
 frame-relay interface-dlci 405
 no shutdown
!
!
interface Tunnel1
 bandwidth 1000
 ip address 172.1.0.4 255.255.255.0
 no ip redirects
 ip mtu 1360
 ip nhrp authentication cisco
 ip nhrp map 192.168.3.11 172.1.0.1
 ip nhrp map multicast 192.168.3.11
 ip nhrp nhs 172.1.0.1
 delay 1100
 tunnel source Serial0/0/0.1
 tunnel mode gre multipoint
 tunnel key 11
 tunnel protection ipsec profile dmvpn
!
router eigrp 100
 network 44.44.44.0 0.0.0.255
 network 172.1.0.0 0.0.0.255
 no auto-summary
!
router ospf 1
 log-adjacency-changes
 network 10.4.4.0 0.0.0.255 area 0
 network 192.168.9.0 0.0.0.255 area 0
 network 192.168.64.0 0.0.0.255 area 0
!
ip http server
no ip http secure-server
!
!
line con 0
 exec-timeout 0 0
 password cisco
 logging synchronous
 login
line aux 0
 exec-timeout 0 0
 password cisco
 logging synchronous
 login
 transport input telnet
line vty 0 4
 exec-timeout 0 0
 password cisco
 logging synchronous
 login
 transport input telnet
!
scheduler allocate 20000 1000
end

!################################
!# R6 Initial Configuration #
!################################
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R6
no logging console
enable password cisco
no aaa new-model
ip source-route
ip cef
no ip domain lookup
ip domain name cisco.com
no ipv6 cef
ip tcp synwait-time 5
!
interface Loopback0
 ip address 10.6.6.6 255.255.255.0
!
interface Loopback10
 ip address 172.17.6.6 255.255.255.0
!
interface f0/1
 no shut
!
interface f0/1.1
 encap dot1 102
 ip address 192.168.7.11 255.255.255.0
!
interface f0/1.2
 encap dot1 202
 ip address 192.168.6.11 255.255.255.0
!
interface Serial0/1/0
 no shut
 encap frame
!
interface Serial0/1/0.1 point-to-point
 ip address 192.168.64.6 255.255.255.0
 ip ospf network point-to-point
 frame-relay interface-dlci 504
 no shutdown
!
!
interface Serial0/1/0.2 point-to-point
 ip address 192.168.65.6 255.255.255.0
 ip access-group 101 in
 ip ospf network point-to-point
 frame-relay interface-dlci 506
 no shutdown
!
router ospf 1
 log-adjacency-changes
 redistribute connected metric 1 subnets
 redistribute static metric 1 subnets
 network 10.6.6.0 0.0.0.255 area 0
 network 172.17.6.0 0.0.0.255 area 0
 network 192.168.64.0 0.0.0.255 area 0
 network 192.168.65.0 0.0.0.255 area 0
!
ip forward-protocol nd
ip route 10.1.1.0 255.255.255.0 192.168.6.10
ip route 10.2.2.0 255.255.255.0 192.168.6.10
ip route 10.7.7.0 255.255.255.0 192.168.7.10
ip route 172.16.1.0 255.255.255.0 192.168.7.10
ip route 192.168.2.0 255.255.255.0 192.168.6.10
ip route 192.168.3.0 255.255.255.0 192.168.6.10
ip route 192.168.4.0 255.255.255.0 192.168.6.10
ip route 192.168.5.0 255.255.255.0 192.168.6.10
ip route 192.168.8.0 255.255.255.0 192.168.7.10
no ip http server
no ip http secure-server
!
access-list 101 deny icmp host 10.55.55.55 any
access-list 101 deny icmp host 192.168.65.5 any
access-list 101 deny icmp host 192.168.35.5 any
access-list 101 permit ip any any
!
!
line con 0
 exec-timeout 0 0
 password cisco
 logging synchronous
 login
line aux 0
 exec-timeout 0 0
 password cisco
 logging synchronous
 login
 transport input telnet
line vty 0 4
 exec-timeout 0 0
 password cisco
 logging synchronous
 login
 transport input telnet
!
end

!################################
!# R5 Initial Configuration #
!################################
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname R5
no logging console
enable password cisco
no aaa new-model
ip source-route
ip cef
no ip domain lookup
ip domain name cisco.com
no ipv6 cef
frame-relay switching
ip tcp synwait-time 5
!
interface Loopback0
 ip address 10.5.5.5 255.255.255.0
!
interface Loopback5
 ip address 10.55.55.55 255.255.255.255
 ip nat inside
!
!
interface f0/1
 ip address 192.168.11.10 255.255.255.0
 no shutdown
!
interface Serial0/2/0
 ip address 192.168.35.5 255.255.255.0
 encapsulation ppp
 ip ospf network point-to-point
 no fair-queue
 clock rate 2000000
 ip nat outside
 no shutdown
!
interface Serial0/1/0
 no shut
 encap frame
!
interface Serial0/1/0.1 point-to-point
 ip address 192.168.65.5 255.255.255.0
 ip ospf network point-to-point
 frame-relay interface-dlc 605
 no shutdown
!
router ospf 1
 log-adjacency-changes
 network 10.5.5.0 0.0.0.255 area 0
 network 10.55.55.0 0.0.0.255 area 0
 network 192.168.35.0 0.0.0.255 area 0
 network 192.168.65.0 0.0.0.255 area 0
!
ip http server
no ip http secure-server
!
access-list 102 permit ip any host 10.55.55.55
!
route-map s1 permit 10
 match ip address 102
 match interface Serial0/1/0.1
!
route-map s0 permit 10
 match ip address 102
 match interface Serial0/2/0
!
!
ip nat inside source route-map s0 interface Serial0/2/0 overload
ip nat inside source route-map s1 interface Serial0/1/0.1 overload
!
!
line con 0
 exec-timeout 0 0
 password cisco
 logging synchronous
 login
line aux 0
 exec-timeout 0 0
 password cisco
 logging synchronous
 login
 transport input telnet
line vty 0 4
 exec-timeout 0 0
 password cisco
 logging synchronous
 login
 transport input telnet
!
end

service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R1
!
no logging console
enable password cisco
no aaa new-model
ip source-route
ip cef
no ip domain lookup
ip domain name cisco.com
no ipv6 cef
ip tcp synwait-time 5
!
crypto isakmp policy 10
 hash md5
 authentication pre-share
 group 2
crypto isakmp key cisco address 0.0.0.0 0.0.0.0
!
crypto ipsec transform-set cisco esp-3des esp-md5-hmac
 mode transport
!
crypto ipsec profile dmvpn
 set transform-set cisco
!
interface Loopback1
 ip address 11.11.11.11 255.255.255.255
!
interface Loopback0
 ip address 10.1.1.1 255.255.255.0
!
interface f0/1
 no shut
interface f0/1.1
 encap dot1 3
 ip address 192.168.3.11 255.255.255.0
!
!
interface f0/1.2
 encap dot1 2
 ip address 192.168.2.11 255.255.255.0
!
!
!
interface Tunnel1
 bandwidth 1000
 ip address 172.1.0.1 255.255.255.0
 no ip redirects
 ip mtu 1360
 ip nhrp authentication cisco
 ip nhrp map multicast dynamic
 ip nhrp network-id 11
 ip nhrp holdtime 300
 no ip split-horizon eigrp 100
 delay 1100
 tunnel source f0/1.1
 tunnel mode gre multipoint
 tunnel key 11
 tunnel protection ipsec profile dmvpn
!
router eigrp 100
 network 11.11.11.0 0.0.0.255
 network 172.1.0.0 0.0.0.255
 no auto-summary
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 192.168.2.1
ip route 10.0.0.0 255.0.0.0 192.168.3.10
ip route 172.17.0.0 255.255.0.0 192.168.3.10
ip route 192.168.0.0 255.255.0.0 192.168.3.10
ip http server
no ip http secure-server
!
line con 0
 exec-timeout 0 0
 password cisco
 logging synchronous
 login
line aux 0
 exec-timeout 0 0
 password cisco
 logging synchronous
 login
 transport input telnet
line vty 0 4
 exec-timeout 0 0
 password cisco
 logging synchronous
 login
 transport input telnet
!
end

!################################
!# R2 Initial Configuration #
!################################
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R2
no logging console
enable password cisco
no aaa new-model
ip source-route
ip cef
no ip domain lookup
ip domain name cisco.com
no ipv6 cef
ip tcp synwait-time 5
!
crypto isakmp policy 10
 hash md5
 authentication pre-share
 group 2
crypto isakmp key cisco address 0.0.0.0 0.0.0.0
!
crypto ipsec transform-set cisco esp-3des esp-md5-hmac
 mode transport
!
crypto ipsec profile dmvpn
 set transform-set cisco
!
interface Loopback1
 ip address 22.22.22.22 255.255.255.0
!
interface Loopback0
 ip address 10.2.2.2 255.255.255.0
!
interface f0/1
 no shut
!
interface f0/1.1
 encap dot1 4
 ip address 192.168.4.11 255.255.255.0
!
interface f0/1.2
 encap dot1 5
 ip address 192.168.5.11 255.255.255.0
!
!
interface Tunnel1
 bandwidth 1000
 ip address 172.1.0.2 255.255.255.0
 no ip redirects
 ip mtu 1360
 ip nhrp authentication cisco
 ip nhrp map multicast 192.168.3.11
 ip nhrp map 172.1.0.1 192.168.3.11
 ip nhrp network-id 11
 ip nhrp holdtime 300
 ip nhrp nhs 172.1.0.1
 delay 1100
 tunnel source f0/1.1
 tunnel mode gre multipoint
 tunnel key 1
 tunnel protection ipsec profile dmvpn
!
router eigrp 100
 network 22.22.22.0 0.0.0.255
 network 172.1.0.0 0.0.0.255
 no auto-summary
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 192.168.4.10
ip http server
no ip http secure-server
!
line con 0
 exec-timeout 0 0
 password cisco
 logging synchronous
 login
line aux 0
 exec-timeout 0 0
 password cisco
 logging synchronous
 login
 transport input telnet
line vty 0 4
 exec-timeout 0 0
 password cisco
 logging synchronous
 login
 transport input telnet
!
end

!################################
!# R3 Initial Configuration #
!################################
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R3
no logging console
enable password cisco
no aaa new-model
ip source-route
ip cef
no ip domain lookup
ip domain name cisco.com
no ipv6 cef
ip tcp synwait-time 5
!
interface Loopback0
 ip address 10.3.3.3 255.255.255.0
!
interface Loopback10
 ip address 172.17.3.3 255.255.255.0
!
!
interface f0/1
 no switchport
 ip address 192.168.9.3 255.255.255.0
!
interface Serial0/2/0
 ip address 192.168.35.3 255.255.255.0
 encapsulation ppp
 ip ospf network point-to-point
 no fair-queue
 no shutdown
!
router ospf 1
 log-adjacency-changes
 network 10.3.3.0 0.0.0.255 area 0
 network 172.17.3.0 0.0.0.255 area 0
 network 192.168.9.0 0.0.0.255 area 0
 network 192.168.35.0 0.0.0.255 area 0
!
ip http server
no ip http secure-server
!
!
line con 0
 exec-timeout 0 0
 password cisco
 logging synchronous
 login
line aux 0
 exec-timeout 0 0
 password cisco
 logging synchronous
 login
 transport input telnet
line vty 0 4
 exec-timeout 0 0
 password cisco
 logging synchronous
 login
 transport input telnet
!
end
