Here is Lab 2. I am not sure what is not working. I will have to get with support to find out because I am not seeing any problems.
Regards, Tyson Scott - CCIE #13513 R&S, Security, and SP Managing Partner / Sr. Instructor - IPexpert, Inc. Mailto: <mailto:[email protected]> [email protected] Telephone: +1.810.326.1444, ext. 208 Live Assistance, Please visit: <http://www.ipexpert.com/chat> www.ipexpert.com/chat eFax: +1.810.454.0130 IPexpert is a premier provider of Self-Study Workbooks, Video on Demand, Audio Tools, Online Hardware Rental and Classroom Training for the Cisco CCIE (R&S, Voice, Security & Service Provider) certification(s) with training locations throughout the United States, Europe, South Asia and Australia. Be sure to visit our online communities at <http://www.ipexpert.com/communities> www.ipexpert.com/communities and our public website at <http://www.ipexpert.com/> www.ipexpert.com From: Aaron O'Conner [mailto:[email protected]] Sent: Thursday, September 09, 2010 3:26 PM To: Tyson Scott; [email protected] Subject: RE: [OSL | CCIE_Security] Yusuf's Practice labs Tyson, I have been working with support today on this. It appears that the auto load script is not working. They said that they don't have a copy of the configs. I'm trying to load them right now before my time runs out to get a copy. I didn't see those in my ipexpert account either. Is this something that you can get me, or do I need to make my own? Thanks Aaron From: Tyson Scott [mailto:[email protected]] Sent: Thursday, September 09, 2010 10:03 AM To: Aaron O'Conner; [email protected] Subject: RE: [OSL | CCIE_Security] Yusuf's Practice labs They are under volume 1 in the auto load scripts. Note that the Yusuf device name and our device name don't necessary jive as I had to change them around to fit more closely the connections required for the lab. Regards, Tyson Scott - CCIE #13513 R&S, Security, and SP Managing Partner / Sr. Instructor - IPexpert, Inc. Mailto: [email protected] Telephone: +1.810.326.1444, ext. 208 Live Assistance, Please visit: www.ipexpert.com/chat eFax: +1.810.454.0130 IPexpert is a premier provider of Self-Study Workbooks, Video on Demand, Audio Tools, Online Hardware Rental and Classroom Training for the Cisco CCIE (R&S, Voice, Security & Service Provider) certification(s) with training locations throughout the United States, Europe, South Asia and Australia. Be sure to visit our online communities at www.ipexpert.com/communities and our public website at www.ipexpert.com <http://www.ipexpert.com/> From: [email protected] [mailto:[email protected]] On Behalf Of Aaron O'Conner Sent: Thursday, September 09, 2010 10:50 AM To: [email protected] Subject: [OSL | CCIE_Security] Yusuf's Practice labs Hello everyone. I wanted to see if anyone had any configs for Yusuf's practice labs that they use for the proctor labs equipment? I wanted to run through those before sitting my lab. If any one does have them, could you please send them my way J. I don't need the final ones if you guys don't have them, just the initial ones. Otherwise if nobody has them I will try to go through and make it work and share what I have. Thanks again, Aaron
!******************************** !* * !* Sw1 Initial Configuration * !* * !******************************** no service pad service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname Sw1 no logging console enable password cisco no aaa new-model system mtu routing 1500 ip subnet-zero ip routing no ip domain-lookup ip domain-name cisco.com ! ! vtp mode server vtp domain ccie vtp password cisco ! ! vlan 2 vlan 3 vlan 4 vlan 5 vlan 6 vlan 7 vlan 8 vlan 10 vlan 20 vlan 21 ! ! ! ip tcp synwait-time 5 ! ! ! interface Loopback0 ip address 10.7.7.7 255.255.255.0 ! ! interface FastEthernet0/2 ! ! ! interface FastEthernet0/4 switchport trunk encapsulation dot1q switchport mode trunk switchport trunk allowed vlan 7,20 ! interface FastEthernet0/5 switchport trunk encapsulation dot1q switchport mode trunk switchport trunk allowed vlan 8,21 ! ! ! interface FastEthernet0/10 switchport access vlan 6 switchport mode access ! interface FastEthernet0/11 switchport access vlan 4 switchport mode access ! interface FastEthernet0/12 switchport access vlan 5 switchport mode access ! interface FastEthernet0/13 ! interface FastEthernet0/14 switchport access vlan 2 switchport mode access ! ! interface FastEthernet0/23 switchport trunk encapsulation dot1q switchport mode trunk spanning-tree portfast trunk ! interface FastEthernet0/24 switchport trunk encapsulation dot1q switchport mode trunk spanning-tree portfast trunk ! ! interface Vlan1 no ip address shutdown ! ! interface Vlan20 ip address 192.168.41.2 255.255.255.0 ! interface vlan21 ip address 192.168.52.2 255.255.255.0 ! ! router ospf 1 log-adjacency-changes network 10.7.7.0 0.0.0.255 area 0 network 192.168.41.0 0.0.0.255 area 0 network 192.168.52.0 0.0.0.255 area 0 ! ip classless ip route 0.0.0.0 0.0.0.0 192.168.41.1 ip http server ip http secure-server ! ! access-list 101 deny udp any any eq isakmp access-list 101 permit ip any any ! ! ! control-plane ! ! line con 0 exec-timeout 0 0 password cisco logging synchronous login line vty 0 4 exec-timeout 0 0 password cisco logging synchronous login transport input telnet line vty 5 15 login ! end
!******************************** !* * !* Sw2 Initial Configuration * !* * !******************************** no service pad service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname Sw2 ! vtp mode server vtp domain ccie vtp password cisco ! no logging console enable password cisco no aaa new-model system mtu routing 1500 ip subnet-zero ip routing no ip domain-lookup ip domain-name cisco.com ! ip tcp synwait-time 5 ! ! ! interface Loopback0 ip address 10.8.8.8 255.255.255.0 ! ! interface FastEthernet0/6 switchport access vlan 6 switchport mode access ! interface FastEthernet0/7 switchport trunk encapsulation dot1q switchport mode trunk switchport trunk allowed vlan 2,3 ! interface FastEthernet0/8 switchport trunk encapsulation dot1q switchport mode trunk switchport trunk allowed vlan 3,5 ! interface FastEthernet0/9 switchport trunk encapsulation dot1q switchport mode trunk switchport trunk allowed vlan 3,4 ip access-group 101 in ! interface FastEthernet0/14 switchport access vlan 2 switchport mode access ! ! interface FastEthernet0/23 switchport trunk encapsulation dot1q switchport mode trunk spanning-tree portfast trunk ! interface FastEthernet0/24 switchport trunk encapsulation dot1q switchport mode trunk spanning-tree portfast trunk ! interface Vlan1 no ip address ! router ospf 1 log-adjacency-changes network 10.8.8.0 0.0.0.255 area 0 ! ip classless ip route 0.0.0.0 0.0.0.0 192.168.52.1 ip http server ip http secure-server ! ! access-list 101 deny udp any any eq isakmp access-list 101 permit ip any any ! control-plane ! ! line con 0 exec-timeout 0 0 password cisco logging synchronous login line vty 0 4 exec-timeout 0 0 password cisco logging synchronous login transport input telnet line vty 5 15 login ! end
!******************************** !* * !* R4 Initial Configuration * !* * !******************************** service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname R4 no logging console enable password cisco no aaa new-model ip source-route ip cef no ip domain lookup ip domain name cisco.com no ipv6 cef frame-relay switching ip tcp synwait-time 5 ! ! crypto isakmp policy 1 encr 3des authentication pre-share group 2 ! crypto isakmp key cisco address 0.0.0.0 0.0.0.0 ! crypto ipsec transform-set L2L_trans esp-3des esp-sha-hmac ! crypto ipsec profile L2L_VTI set transform-set L2L_trans ! ! crypto ipsec client ezvpn ezvpn_dvti connect auto group cisco key cisco local-address Loopback0 mode client peer 192.168.4.2 username cisco password cisco xauth userid mode interactive ! ! ! interface Loopback0 ip address 10.4.4.4 255.255.255.0 ! interface Loopback45 ip address 45.45.4.1 255.255.255.0 ! interface Tunnel45 ip address 100.1.1.1 255.255.255.0 tunnel source f0/1.2 tunnel destination 192.168.45.5 tunnel protection ipsec profile L2L_VTI ! int f0/1 no shut int f0/1.1 encap dot1 20 ip address 192.168.41.1 255.255.255.0 ! interface f0/1.2 encap dot1 7 ip address 192.168.45.4 255.255.255.0 ip access-group 102 in interface Serial0/0/0 no shut encap frame ! ! interface Serial0/0/0.1 point-to-point ip address 192.168.64.4 255.255.255.0 ip ospf network point-to-point frame-relay interface-dlci 406 crypto ipsec client ezvpn ezvpn_dvti outside ! !! router ospf 1 log-adjacency-changes network 10.4.4.0 0.0.0.255 area 0 network 192.168.41.0 0.0.0.255 area 0 network 192.168.45.0 0.0.0.255 area 0 network 192.168.64.0 0.0.0.255 area 0 ! router rip version 2 network 45.0.0.0 network 100.0.0.0 no auto-summary ! no ip http server no ip http secure-server ! access-list 102 deny udp host 192.168.45.5 host 192.168.45.4 eq isakmp access-list 102 permit ip any any ! ! line con 0 exec-timeout 0 0 password cisco logging synchronous login line aux 0 exec-timeout 0 0 password cisco logging synchronous login transport input telnet line vty 0 4 exec-timeout 0 0 password cisco logging synchronous login transport input telnet ! end
!******************************** !* * !* R5 Initial Configuration * !* * !******************************** service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname R5 no logging console enable password cisco no aaa new-model ip source-route ip cef no ip domain lookup ip domain name cisco.com no ipv6 cef frame-relay switching ip tcp synwait-time 5 ! ! crypto isakmp policy 1 encr 3des authentication pre-share group 2 ! crypto isakmp key cisco address 0.0.0.0 0.0.0.0 ! ! crypto ipsec transform-set L2L_trans esp-3des esp-sha-hmac ! crypto ipsec profile L2L_VTI set transform-set L2L_trans ! ! ! interface Loopback0 ip address 10.5.5.5 255.255.255.0 ! interface Loopback11 ip address 10.55.55.55 255.255.255.255 ! interface Loopback45 ip address 45.45.5.1 255.255.255.0 ! interface Tunnel45 ip address 100.1.1.2 255.255.255.0 tunnel source f0/1.1 tunnel destination 192.168.45.4 tunnel mode ipsec ipv4 ! int f0/1 no shut ! int f0/1.1 encap dot1 8 ip address 192.168.45.5 255.255.255.0 ! interface f0/1.2 encap dot1 21 ip address 192.168.52.1 255.255.255.0 ! interface Serial0/1/0 no shut encap frame ! interface Serial0/1/0.1 point-to-point ip address 192.168.65.5 255.255.255.0 ip ospf network point-to-point frame-relay interface-dlc 506 ! ! router ospf 1 log-adjacency-changes network 10.5.5.0 0.0.0.255 area 0 network 192.168.45.0 0.0.0.255 area 0 network 192.168.52.0 0.0.0.255 area 0 network 192.168.65.0 0.0.0.255 area 0 ! router rip version 2 network 100.0.0.0 no auto-summary ! ip http server no ip http secure-server ! ! line con 0 exec-timeout 0 0 password cisco logging synchronous login line aux 0 exec-timeout 0 0 password cisco logging synchronous login transport input telnet line vty 0 4 exec-timeout 0 0 password cisco logging synchronous login transport input telnet ! end
!******************************** !* * !* R6 Initial Configuration * !* * !******************************** service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption hostname R6 no logging console enable password cisco no aaa new-model ip source-route ip cef no ip domain lookup ip domain name cisco.com no ipv6 cef ip tcp synwait-time 5 ! ! class-map match-all mark23 match protocol telnet ! policy-map mark23 class mark23 set dscp 2 ! interface Loopback0 ip address 10.6.6.6 255.255.255.0 ! interface f0/1 ip address 192.168.6.6 255.255.255.0 no shutdown ! ! interface Serial0/1/0 no shut encap frame ! interface Serial0/1/0.1 point-to-point ip address 192.168.64.6 255.255.255.0 ip ospf network point-to-point frame-relay interface-dlci 604 service-policy input mark23 ! ! interface Serial0/1/0.2 point-to-point ip address 192.168.65.6 255.255.255.0 ip access-group 101 in ip ospf network point-to-point frame-relay interface-dlci 605 ! ! ! router ospf 1 log-adjacency-changes redistribute connected metric 1 subnets redistribute static metric 1 subnets network 10.6.6.0 0.0.0.255 area 0 network 192.168.64.0 0.0.0.255 area 0 network 192.168.65.0 0.0.0.255 area 0 ! ip forward-protocol nd ip route 10.1.1.0 255.255.255.0 192.168.6.10 ip route 10.2.2.0 255.255.255.0 192.168.6.10 ip route 10.3.3.0 255.255.255.0 192.168.6.11 ip route 192.168.2.0 255.255.255.0 192.168.6.10 ip route 192.168.3.0 255.255.255.0 192.168.6.10 ip route 192.168.4.0 255.255.255.0 192.168.6.10 ip route 192.168.5.0 255.255.255.0 192.168.6.11 no ip http server no ip http secure-server ! ! line con 0 exec-timeout 0 0 password cisco logging synchronous login line aux 0 exec-timeout 0 0 password cisco logging synchronous login transport input telnet line vty 0 4 exec-timeout 0 0 password cisco logging synchronous login transport input telnet ! end
!******************************** !* * !* R1 Initial Configuration * !* * !******************************** service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname R1 no logging console enable password cisco no aaa new-model ip source-route ip cef no ip domain lookup ip domain name cisco.com no ipv6 cef ip tcp synwait-time 5 ! interface Loopback0 ip address 10.1.1.1 255.255.255.0 ! interface Loopback11 ip address 10.11.11.11 255.255.255.255 ! interface f0/1 no shut ! interface f0/1.1 encap dot1 3 ip address 192.168.3.11 255.255.255.0 ! interface f0/1.2 encap dot1 2 ip address 192.168.2.11 255.255.255.0 ! ip route 0.0.0.0 0.0.0.0 192.168.2.1 ip route 10.2.2.0 255.255.255.0 192.168.3.2 ip route 10.3.3.0 255.255.255.0 192.168.3.3 ip route 10.4.4.0 255.255.255.0 192.168.3.2 ip route 10.5.5.0 255.255.255.0 192.168.3.2 ip route 10.6.6.0 255.255.255.0 192.168.3.2 ip route 10.7.7.0 255.255.255.0 192.168.3.2 ip route 10.8.8.0 255.255.255.0 192.168.3.3 ip route 192.168.0.0 255.255.0.0 192.168.3.2 ip http server no ip http secure-server ! ! ! line con 0 exec-timeout 0 0 password cisco logging synchronous login line aux 0 exec-timeout 0 0 password cisco logging synchronous login transport input telnet line vty 0 4 exec-timeout 0 0 password cisco logging synchronous login transport input telnet ! end
!******************************** !* * !* R3 Initial Configuration * !* * !******************************** service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption hostname R3 no logging console enable password cisco no aaa new-model ip source-route ip cef no ip domain lookup ip domain name cisco.com no ipv6 cef ip tcp synwait-time 5 ! ! interface Loopback0 ip address 10.3.3.3 255.255.255.0 ! interface Loopback11 ip address 10.33.33.33 255.255.255.255 ! int f0/1 no shut ! int f0/1.1 encap dot1 3 ip address 192.168.3.3 255.255.255.0 ! interface f0/1.2 encap dot1 5 ip address 192.168.5.3 255.255.255.0 ! ip route 0.0.0.0 0.0.0.0 192.168.5.10 ip route 10.1.1.0 255.255.255.0 192.168.3.11 ip http server no ip http secure-server ! ! line con 0 exec-timeout 0 0 password cisco logging synchronous login line aux 0 exec-timeout 0 0 password cisco logging synchronous login transport input telnet line vty 0 4 exec-timeout 0 0 password cisco logging synchronous login transport input telnet ! scheduler allocate 20000 1000 end
!******************************** !* * !* R2 Initial Configuration * !* * !******************************** service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname R2 no logging console enable password cisco no aaa new-model ip source-route ip cef no ip domain lookup ip domain name cisco.com no ipv6 cef ip tcp synwait-time 5 ! ip domain name cisco.com ! aaa new-model aaa authentication login ezvpn local aaa authorization network ezvpn local ! username cisco privilege 15 password 0 cisco ! crypto isakmp policy 1 encr 3des authentication pre-share group 2 crypto isakmp key cisco address 0.0.0.0 0.0.0.0 ! crypto isakmp client configuration group cisco domain cisco.com pool mypool ! crypto isakmp profile ezvpn_dvti match identity group cisco client authentication list ezvpn isakmp authorization list ezvpn client configuration address respond ! ! crypto ipsec transform-set ezvpn_trans esp-3des esp-sha-hmac ! crypto ipsec profile ezvpn_dvti set transform-set ezvpn_trans set isakmp-profile ezvpn_dvti ! ! class-map match-any drop23 match protocol telnet match ip dscp 1 ! policy-map drop23 class drop23 drop ! ! interface Loopback0 ip address 10.2.2.2 255.255.255.0 ! interface f0/1 no shut ! interface f 0/1.1 encap dot1 3 ip address 192.168.3.2 255.255.255.0 ! interface f 0/1.2 encap dot1 4 ip address 192.168.4.2 255.255.255.0 service-policy input drop23 service-policy output drop23 ! interface Virtual-Template1 type tunnel ip unnumbered Loopback0 tunnel source Loopback0 tunnel mode ipsec ipv4 tunnel protection ipsec profile ezvpn_dvti ! ip local pool mypool 10.20.20.1 10.20.20.100 ip forward-protocol nd ip route 0.0.0.0 0.0.0.0 192.168.4.10 ip route 10.1.1.0 255.255.255.0 192.168.3.11 ip route 192.168.2.0 255.255.255.0 192.168.3.11 no ip http server no ip http secure-server ! ! line con 0 exec-timeout 0 0 password cisco logging synchronous login line aux 0 exec-timeout 0 0 password cisco logging synchronous login transport input telnet line vty 0 4 exec-timeout 0 0 password cisco logging synchronous login transport input telnet ! end
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
