Docstoc

Free 642-902 Lab Questions

Document Sample
Free 642-902 Lab Questions Powered By Docstoc
					                     CCNP EXAM 642-902 Lab
                        Implementing Cisco IP Routing (ROUTE)

                         http://www.aonetesting.com/642-902 Lab.html




For interactive and self-paced preparation of exam 642-902 Lab, try our practice exams.
Practice exams also include self assessment and reporting features         http://www.aonetesting.com   1   1
         Exam Objective: Configure OSPF routing - Lab 1
         Contents
         Introduction
         Technology Background
         Lab Scenario
         Lab Objectives
         Lab Solution

         Introduction
         OSPF is an open standard Link State Routing Protocol. The basic configuration of OSPF is covered
         in another lab. This one focuses on advanced OSPF features such as area types and authentication.
         Technology Background
         OSPF supports several types of areas, including standard areas, stub areas, totally stubby
         areas, and not-so-stubby (NSSA) areas. These special area types bring flexibility to OSPF
         network design, allowing OSPF to be molded according to needs and hardware.
         It should be remembered that an area is a part of the OSPF Routing Domain. Routes are exchanged
         between area through Area Border Routers(ABRs). Areas break up the OSPD domain into small
         manageable blocks.
         Sometimes the design or hardware of routers in an area warrants less LSA information in. Imagine a
         small branch office router getting all LSAs from the Head Office router in a large OSPF domain. The
         router will soon exhaust its memory and/or CPU.
         OSPF provides for different type of Stub areas which limit the number of LSAs which are received
         into it. There are 3 rules which need to be remembered when configuring any type of Stub area:
         All routers in an area should be configured for the same stub type
         Area 0 cannot be a stub area
         A Virtual link cannot traverse a stub area
         The different types of Stub Areas are:
         Stub Area
         Totally Stubby Area
         Not-So-Stubby Area (NSSA)
         Totally Stubby NSSA
         Stub Area:
         The ABR of a Stub area will filter all external advertisements (LSA type 5) and replace them with a
         default route. Which means you will never see an E1 or E2 route in a Stub area. The default route
         injected by the ABR will have a next hop address of the ABR's interface. So all traffic destined to an
         external network will pass through the ABR. In Figure 1 if Area 1 is configured as Stub then the
         external routes being advertised by ASBR RouterA will not be seen on RouterD. RouterB, the ABR,
         would replace the External Routes with a default route.




For interactive and self-paced preparation of exam 642-902 Lab, try our practice exams.
Practice exams also include self assessment and reporting features         http://www.aonetesting.com      2      2
         Figure 1
         The command to implement a stub area on an ABR is:
         Router(config-router)#area <area-id> stub
         Totally Stubby Area:
         Totally stubby areas are areas where the ABR filters all inter-area and external advertisements and
         replaces them with a default route. The totally stubby option is Cisco proprietary. In a large network
         the routing table's considerable size comes from other areas and external sources. Hence a totally
         stubby area would reduce the size of routing table a great deal. For example if Area 2 is configured
         as Totally Stubby in Figure 1, RouterC, the ABR, will not only filter the external routers from
         RouterA but also the Area 1 routes advertised by RouterB.
         The command to implement a totally stubby ABR is:
         Router(config-router)#area <area-id> stub no-summary
         The area <area-id> stub no-summary command is only entered on the ABR of a totally
         stubby area. The other routers in the totally stubby area are only configured with the
         area <area-id> stub command.
         Not-So-Stubby Area (NSSA):
         A stub or a totally stubby Area does not have external routes. This means that these areas cannot
         have an ASBR also. NSSA is a stub area that allows an ASBR. The ASBR understands that type 5
         LSAs are not permitted and so disguises the LSAs as type 7. The type 7 LSAs are converted to type
         5 by the ABR and sent normally out to other Areas. NSSA external routes show up as N1 or N2
         instead of E1 or E2.
         NSSA is similar to a stub area in all other aspects.
         Note that the ABR of an NSSA does not automatically generate a default route; the nosummary
         or default-originate optional keywords must be appended to the area nssa <area-id> command on
         the ABR for that to happen.
         The command to implement a stub or totally stubby NSSA ABR is
         Router(config-router)#area <area-id> nssa
         Remember that NSSA is a stub area so the ABR will not allow LSA type 5 to come into the Area.
         Totally Not-So-Stubby Area (NSSA):

For interactive and self-paced preparation of exam 642-902 Lab, try our practice exams.
Practice exams also include self assessment and reporting features         http://www.aonetesting.com       3     3
         Similar to NSSA but the ABR of this area will not allow Inter Area routes to come into the area. This
         area is similar to Totally Stubby Area but will allow an ASBR and LSA type 7 routes.
         ABR of this area will also not generate a default route unless the nosummary or default-originate
         keyword are not configured on it.
         The command to configure an area as Totally NSSA is :
         Router(config-router)#area <area-id> nssa no-summary
         Authentication:
         OSPF by default trusts any router. This can be dangerous if someone injects malicious routes. To
         prevent this from happening we can configure Authentication between OSPF routers. There are two
         kinds of authentication available - clear text and MD5 hash.
         Clear text passwords can be found out by anyone who can capture the packets. MD5 hash cannot be
         reversed and hence are secure.
         Plain Text authentication can be enabled on per-interface basis using the following commands:
         Router(config-if)#ip ospf authentication
         Router(config-if)#ip ospf authentication-key <key>
         MD5 authentication can be enabled per-interface basis using the following commands:
         Router(config-if)#ip ospf authentication message-digest
         Router(config-if)#ip ospf message-digest-key <key id> md5 <key>
         Lab Scenario
         We are using OSPF in our network, shown in Figure 2.




         Figure 2
         The relevant configuration of the routers is given below:
         RouterA#sh run
         !
         hostname RouterA
         !
         !
         interface Loopback0
         ip address 1.1.1.1 255.255.255.0
         !
         interface Loopback1
         ip address 172.16.1.1 255.255.255.0
         !
         interface Loopback2
         ip address 172.16.2.1 255.255.255.0

For interactive and self-paced preparation of exam 642-902 Lab, try our practice exams.
Practice exams also include self assessment and reporting features         http://www.aonetesting.com     4      4
         !
         interface FastEthernet0/0
         ip address 192.168.1.1 255.255.255.0
         duplex auto
         speed auto
         !
         router ospf 1
         log-adjacency-changes
         redistribute connected subnets route-map connred
         network 192.168.1.1 0.0.0.0 area 0
         !
         route-map connred permit 10
         match interface Loopback1 Loopback2
         !
         RouterB#sh run
         !
         hostname RouterB
         !
         interface Loopback0
         ip address 2.2.2.2 255.255.255.0
         !
         interface FastEthernet0/0
         ip address 192.168.1.2 255.255.255.0
         duplex auto
         speed auto
         !
         interface Serial0/0
         ip address 192.168.2.2 255.255.255.0
         clock rate 2000000
         !
         router ospf 1
         log-adjacency-changes
         network 192.168.1.2 0.0.0.0 area 0
         network 192.168.2.2 0.0.0.0 area 1
         RouterC#sh run
         !
         hostname RouterC
         !
         !
         interface Loopback0
         ip address 3.3.3.3 255.255.255.0
         !
         interface FastEthernet0/0
         ip address 192.168.1.3 255.255.255.0
         duplex auto
         speed auto
         !

For interactive and self-paced preparation of exam 642-902 Lab, try our practice exams.
Practice exams also include self assessment and reporting features         http://www.aonetesting.com   5   5
         interface Serial0/0
         ip address 192.168.3.3 255.255.255.0
         clock rate 2000000
         !
         router ospf 1
         log-adjacency-changes
         network 192.168.1.3 0.0.0.0 area 0
         network 192.168.3.3 0.0.0.0 area 2
         !
         RouterD#sh run
         !
         hostname RouterD
         !
         interface Loopback0
         ip address 4.4.4.4 255.255.255.0
         !
         interface Serial0/0
         ip address 192.168.2.4 255.255.255.0
         clock rate 2000000
         !
         router ospf 1
         log-adjacency-changes
         network 192.168.2.4 0.0.0.0 area 1
         !
         RouterE#sh run
         !
         hostname RouterE
         !
         interface Loopback0
         ip address 5.5.5.5 255.255.255.0
         !
         interface Serial0/0
         ip address 192.168.3.5 255.255.255.0
         clock rate 2000000
         !
         interface Serial0/1
         ip address 192.168.4.5 255.255.255.0
         clock rate 2000000
         !
         router ospf 1
         log-adjacency-changes
         redistribute rip subnets
         network 192.168.3.5 0.0.0.0 area 2
         !
         router rip
         version 2
         redistribute ospf 1 metric 5

For interactive and self-paced preparation of exam 642-902 Lab, try our practice exams.
Practice exams also include self assessment and reporting features         http://www.aonetesting.com   6   6
         network 192.168.4.0
         no auto-summary
         !
         RouterF#sh run
         !
         hostname RouterF
         !
         interface Loopback1
         ip address 10.1.1.1 255.255.255.0
         !
         interface Loopback2
         ip address 10.1.2.1 255.255.255.0
         !
         interface Loopback3
         ip address 10.1.3.1 255.255.255.0
         !
         interface Serial0/0
         ip address 192.168.4.6 255.255.255.0
         clock rate 2000000
         !
         router rip
         version 2
         network 10.0.0.0
         network 192.168.4.0
         no auto-summary
         Your task is to configure OSPF such that :
         No external or inter-area routes are seen on RouterD. A default route should be present to reach these
         networks
         No E1 or E2 routes are seen on RouterE. A default route should be present to reach these networks.
         Routes from RouterF should be present on RouterA.
         Communication between RouterA, RouterB and RouterC is as secure as possible.
         Lab Objectives
         Configure Area 1 as Totally Stubby
         Configure Area 2 as NSSA and ensure that the ABR is sending default route
         Configure message-digest authentication between RouterA, RouterB and RouterC
         Lab Solution
         The first task requires us to configure Area 1 as Totally Stubby:
         RouterB(config)#router ospf 1
         RouterB(config-router)#area 1 stub no-summary
         RouterD(config)#router ospf 1
         RouterD(config-router)#area 1 stub
         Let's verify on RouterD:
         RouterD#sh ip ospf
         Routing Process "ospf 1" with ID 4.4.4.4
         Start time: 00:09:17.700, Time elapsed: 00:25:47.876
         Supports only single TOS(TOS0) routes

For interactive and self-paced preparation of exam 642-902 Lab, try our practice exams.
Practice exams also include self assessment and reporting features         http://www.aonetesting.com      7      7
         Supports opaque LSA
         Supports Link-local Signaling (LLS)
         Supports area transit capability
         Router is not originating router-LSAs with maximum metric
         Initial SPF schedule delay 5000 msecs
         Minimum hold time between two consecutive SPFs 10000 msecs
         Maximum wait time between two consecutive SPFs 10000 msecs
         Incremental-SPF disabled
         Minimum LSA interval 5 secs
         Minimum LSA arrival 1000 msecs
         LSA group pacing timer 240 secs
         Interface flood pacing timer 33 msecs
         Retransmission pacing timer 66 msecs
         Number of external LSA 0. Checksum Sum 0x000000
         Number of opaque AS LSA 0. Checksum Sum 0x000000
         Number of DCbitless external and opaque AS LSA 0
         Number of DoNotAge external and opaque AS LSA 0
         Number of areas in this router is 1. 0 normal 1 stub 0 nssa
         Number of areas transit capable is 0
         External flood list length 0
            Area 1
               Number of interfaces in this area is 1
               It is a stub area
               Area has no authentication
               SPF algorithm last executed 00:01:02.744 ago
               SPF algorithm executed 4 times
               Area ranges are
               Number of LSA 3. Checksum Sum 0x016E12
               Number of opaque link LSA 0. Checksum Sum 0x000000
               Number of DCbitless LSA 0
               Number of indication LSA 0
               Number of DoNotAge LSA 0
               Flood list length 0
         RouterD#sh ip route
         --output truncated--
         Gateway of last resort is 192.168.2.2 to network 0.0.0.0
             4.0.0.0/24 is subnetted, 1 subnets
         C      4.4.4.0 is directly connected, Loopback0
         C 192.168.2.0/24 is directly connected, Serial0/0
         O*IA 0.0.0.0/0 [110/65] via 192.168.2.2, 00:01:48, Serial0/0
         RouterD#ping 10.1.3.1
         Type escape sequence to abort.
         Sending 5, 100-byte ICMP Echos to 10.1.3.1, timeout is 2 seconds:
         !!!!!
         Success rate is 100 percent (5/5), round-trip min/avg/max = 8/59/128 ms
         The above outputs shown that Area 1 is stub, a default route is being injected into the area by the
         ABR and RouterD can reach the external routes on RouterF.

For interactive and self-paced preparation of exam 642-902 Lab, try our practice exams.
Practice exams also include self assessment and reporting features         http://www.aonetesting.com          8   8
         Next task requires us to configure Area 2 as NSSA:
         RouterC(config)#router ospf 1
         RouterC(config-router)#area 2 nssa default-information-originate
         RouterE(config)#router ospf 1
         RouterE(config-router)#area 2 nssa
         Let's verify the configuration and the routing tables:
         RouterE#sh ip ospf
         Routing Process "ospf 1" with ID 5.5.5.5
         Start time: 00:10:21.252, Time elapsed: 00:29:35.448
         Supports only single TOS(TOS0) routes
         Supports opaque LSA
         Supports Link-local Signaling (LLS)
         Supports area transit capability
         It is an autonomous system boundary router
         Redistributing External Routes from,
             rip, includes subnets in redistribution
         Router is not originating router-LSAs with maximum metric
         Initial SPF schedule delay 5000 msecs
         Minimum hold time between two consecutive SPFs 10000 msecs
         Maximum wait time between two consecutive SPFs 10000 msecs
         Incremental-SPF disabled
         Minimum LSA interval 5 secs
         Minimum LSA arrival 1000 msecs
         LSA group pacing timer 240 secs
         Interface flood pacing timer 33 msecs
         Retransmission pacing timer 66 msecs
         Number of external LSA 0. Checksum Sum 0x000000
         Number of opaque AS LSA 0. Checksum Sum 0x000000
         Number of DCbitless external and opaque AS LSA 0
         Number of DoNotAge external and opaque AS LSA 0
         Number of areas in this router is 1. 0 normal 0 stub 1 nssa
         Number of areas transit capable is 0
         External flood list length 0
             Area 2
                Number of interfaces in this area is 1
                It is a NSSA area
                Area has no authentication
                SPF algorithm last executed 00:01:20.680 ago
                SPF algorithm executed 5 times
                Area ranges are
                Number of LSA 9. Checksum Sum 0x05D8B9
                Number of opaque link LSA 0. Checksum Sum 0x000000
                Number of DCbitless LSA 0
                Number of indication LSA 0
                Number of DoNotAge LSA 0
                Flood list length 0
         RouterE#sh ip route

For interactive and self-paced preparation of exam 642-902 Lab, try our practice exams.
Practice exams also include self assessment and reporting features         http://www.aonetesting.com   9   9
         --output truncated--
         Gateway of last resort is 192.168.3.3 to network 0.0.0.0
            5.0.0.0/24 is subnetted, 1 subnets
         C     5.5.5.0 is directly connected, Loopback0
         C 192.168.4.0/24 is directly connected, Serial0/1
            10.0.0.0/24 is subnetted, 3 subnets
         R     10.1.3.0 [120/1] via 192.168.4.6, 00:00:18, Serial0/1
         R     10.1.2.0 [120/1] via 192.168.4.6, 00:00:18, Serial0/1
         R     10.1.1.0 [120/1] via 192.168.4.6, 00:00:18, Serial0/1
         O IA 192.168.1.0/24 [110/74] via 192.168.3.3, 00:01:49, Serial0/0
         O IA 192.168.2.0/24 [110/138] via 192.168.3.3, 00:01:49, Serial0/0
         C 192.168.3.0/24 is directly connected, Serial0/0
         O*N2 0.0.0.0/0 [110/1] via 192.168.3.3, 00:01:49, Serial0/0
         RouterC#sh ip route
         --output truncated--
         Gateway of last resort is not set
            3.0.0.0/24 is subnetted, 1 subnets
         C     3.3.3.0 is directly connected, Loopback0
            172.16.0.0/24 is subnetted, 2 subnets
         O E2 172.16.1.0 [110/20] via 192.168.1.1, 00:02:46, FastEthernet0/0
         O E2 172.16.2.0 [110/20] via 192.168.1.1, 00:02:46, FastEthernet0/0
         O N2 192.168.4.0/24 [110/20] via 192.168.3.5, 00:02:46, Serial0/0
            10.0.0.0/24 is subnetted, 3 subnets
         O N2 10.1.3.0 [110/20] via 192.168.3.5, 00:02:46, Serial0/0
         O N2 10.1.2.0 [110/20] via 192.168.3.5, 00:02:47, Serial0/0
         O N2 10.1.1.0 [110/20] via 192.168.3.5, 00:02:47, Serial0/0
         C 192.168.1.0/24 is directly connected, FastEthernet0/0
         O IA 192.168.2.0/24 [110/74] via 192.168.1.2, 00:02:47, FastEthernet0/0
         C 192.168.3.0/24 is directly connected, Serial0/0
         RouterA#sh ip route
         --output truncated--
         Gateway of last resort is not set
            1.0.0.0/24 is subnetted, 1 subnets
         C     1.1.1.0 is directly connected, Loopback0
            172.16.0.0/24 is subnetted, 2 subnets
         C     172.16.1.0 is directly connected, Loopback1
         C     172.16.2.0 is directly connected, Loopback2
         O E2 192.168.4.0/24 [110/20] via 192.168.1.3, 00:03:18, FastEthernet0/0
            10.0.0.0/24 is subnetted, 3 subnets
         O E2 10.1.3.0 [110/20] via 192.168.1.3, 00:03:17, FastEthernet0/0
         O E2 10.1.2.0 [110/20] via 192.168.1.3, 00:03:17, FastEthernet0/0
         O E2 10.1.1.0 [110/20] via 192.168.1.3, 00:03:17, FastEthernet0/0
         C 192.168.1.0/24 is directly connected, FastEthernet0/0
         O IA 192.168.2.0/24 [110/74] via 192.168.1.2, 00:03:33, FastEthernet0/0
         O IA 192.168.3.0/24 [110/74] via 192.168.1.3, 00:03:33, FastEthernet0/0




For interactive and self-paced preparation of exam 642-902 Lab, try our practice exams.
Practice exams also include self assessment and reporting features         http://www.aonetesting.com   10   10
         The above outputs shown that Area 2 is a NSSA and the ABR is injecting a default route. We also
         see that no E1/E2 routes are seen on RouterE but the RouterC has the N2 routes which are shown as
         E2 on RouterA.
         The Final task requires us to configure Authentication between RouterA, RouterB and RouterC:
         RouterA(config)#interface fa0/0
         RouterA(config-if)#ip ospf authentication message-digest
         RouterA(config-if)#ip ospf message-digest-key 1 md5 mypassword
         RouterB(config)#interface fa0/0
         RouterB(config-if)#ip ospf authentication message-digest
         RouterB(config-if)#ip ospf message-digest-key 1 md5 mypassword
         RouterC(config)#interface fa0/0
         RouterC(config-if)#ip ospf authentication message-digest
         RouterC(config-if)#ip ospf message-digest-key 1 md5 mypassword
         Let's verify the OSPF interface configuration and see if the routing table is correct after applying
         authentication:
         RouterA#sh ip ospf interface
         FastEthernet0/0 is up, line protocol is up
           Internet Address 192.168.1.1/24, Area 0
           Process ID 1, Router ID 1.1.1.1, Network Type BROADCAST, Cost: 10
           Transmit Delay is 1 sec, State DR, Priority 1
           Designated Router (ID) 1.1.1.1, Interface address 192.168.1.1
           Backup Designated router (ID) 3.3.3.3, Interface address 192.168.1.3
           Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
            oob-resync timeout 40
            Hello due in 00:00:04
           Supports Link-local Signaling (LLS)
           Index 1/1, flood queue length 0
           Next 0x0(0)/0x0(0)
           Last flood scan length is 0, maximum is 2
           Last flood scan time is 4 msec, maximum is 4 msec
           Neighbor Count is 2, Adjacent neighbor count is 2
            Adjacent with neighbor 2.2.2.2
            Adjacent with neighbor 3.3.3.3 (Backup Designated Router)
           Suppress hello for 0 neighbor(s)
           Message digest authentication enabled
            Youngest key id is 1
         RouterA#sh ip route
         --output truncated—
         Gateway of last resort is not set
             1.0.0.0/24 is subnetted, 1 subnets
         C      1.1.1.0 is directly connected, Loopback0
             172.16.0.0/24 is subnetted, 2 subnets
         C      172.16.1.0 is directly connected, Loopback1
         C      172.16.2.0 is directly connected, Loopback2
         O E2 192.168.4.0/24 [110/20] via 192.168.1.3, 00:02:10, FastEthernet0/0
             10.0.0.0/24 is subnetted, 3 subnets
         O E2 10.1.3.0 [110/20] via 192.168.1.3, 00:02:10, FastEthernet0/0

For interactive and self-paced preparation of exam 642-902 Lab, try our practice exams.
Practice exams also include self assessment and reporting features         http://www.aonetesting.com    11     11
         O E2 10.1.2.0 [110/20] via 192.168.1.3, 00:02:10, FastEthernet0/0
         O E2 10.1.1.0 [110/20] via 192.168.1.3, 00:02:10, FastEthernet0/0
         C 192.168.1.0/24 is directly connected, FastEthernet0/0
         O IA 192.168.2.0/24 [110/74] via 192.168.1.2, 00:02:10, FastEthernet0/0
         O IA 192.168.3.0/24 [110/74] via 192.168.1.3, 00:02:10, FastEthernet0/0
         The above outputs show that authentication is enabled and routing table is correct after
         authentication has been applied. This means that the communication between the Routers is now
         secure.
         References:
         OSPF Design Guide
         http://www.cisco.com/en/US/tech/tk365/technologies_white_paper09186a0080094e9e.shtml




For interactive and self-paced preparation of exam 642-902 Lab, try our practice exams.
Practice exams also include self assessment and reporting features         http://www.aonetesting.com    12   12
          Thank You For Trying Our Demo




                     CCNP EXAM 642-902 Lab
                        Implementing Cisco IP Routing (ROUTE)

                         http://www.aonetesting.com/642-902 Lab.html

         If you have any questions or difficulties regarding this
         product, feel free to contact Us.
         For interactive and self-paced preparation of exam 642-902 Lab, try our
         practice exams. Practice exams also include self assessment and
         reporting features!




For interactive and self-paced preparation of exam 642-902 Lab, try our practice exams.
Practice exams also include self assessment and reporting features         http://www.aonetesting.com   13   13

				
DOCUMENT INFO
Shared By:
Categories:
Stats:
views:147
posted:12/23/2010
language:English
pages:13
Description: For more and updated 642-902 Lab exam questions and answers visit aonetesting.com. They provide much type of 642-902 Lab exam preparation products to facilitate learning and success. All the products are provided with full technical support and money back guarantee.