HCIE-R&S Mock Exam 2
INTERNAL
HCIE-R&S Lab Mock Exam 2
2016-7-21
Huawei Confidential
Test Questions: (Y Represents the Rack Number, and X Represents the Equipment Number)
1. Section 1: Layer 2 Technologies
1.1 VLAN
Create VLANs 4, 5, 27, 42, 58 and 255 on switches SW1, SW2, SW3 and SW4.
SW1-SW4: vlan batch 4 to 5 27 42 58 255
Add the following access interfaces to VLANs:
VLAN
Switch
Interfaces
4
SW2
Eth0/0/4
5
SW1
Eth0/0/5
SW4
Gi0/0/1, Gi0/0/2
SW1
Eth0/0/2
SW3
Gi0/0/1
SW1
Eth0/0/4
SW2
Eth0/0/20
58
SW2
Eth0/0/5
255
SW1
Eth0/0/1, Eth0/0/3, Eth0/0/6, Gi0/0/1, Gi0/0/2
SW2
Eth0/0/22
SW3
Eth0/0/20
27
42
1.2 Link Aggregation
The E0/0/11 and E0/0/12 interfaces linking SW1 and SW2 should be combined to form a single logical link, using a dynamic mode and implementing load balancing.
Set the interface rate on these links to 10 Mbit/s. Ensure the maximum bandwidth on the link between SW1 and SW2 is 20 Mbps.
1.3 Mirroring
Incoming and outgoing traffic on G0/0/2 of SW4 should be copied to G0/0/1 for analysis.
1.4 Traffic Filtering
Configure G0/0/1 on SW3 to allow only packets with the source MAC address of 54-89-98-CF-2B-0B.
1.5 Trunk
All links between switches SW1, SW2, SW3 and SW4 should be configured as trunk interfaces. Only VLANs 2 to 4094 should be allowed to pass across these links.
1.6 MSTP
Switches SW1, SW2, SW3 and SW4 run MSTP as follows.
VLANs 4, 5 and 27 are in instance 10, VLANs 42, 58 and 255 are in instance 20. Set the MST region name to huawei and revision-level to 10.
Spanning tree path cost calculations should use Huawei proprietary values.
Configure SW1 to be root for instance 10 and SW2 to be root for instance 20.
Unauthorized switches that connect to G0/0/1 of SW3 must be prevented from taking over as root bridges.
1.7 Hub-and-Spoke
R1, R5 and R3 use Frame Relay (FR) encapsulation and are connected in “hub and spoke” mode with R3 as the hub. Connect R3 to R1 and R5 using P2P sub-interfaces.
Traffic between R1 and R5 must pass through R3.
Only the DLCIs and IP addresses shown in the topology may be used. Your configuration should take into account that IS-IS will need to run over these links.
Automatic FR mapping between layer 2 and layer 3 must be disabled.
Spoke devices may not send any multicast traffic to the hub.
1.8 Point-to-Point
The link between R3 and R4 should be configured as FR point to point.
Static layer 3 to layer 2 mapping may not be used on R3 or R4.
Automatic FR mapping between layer 2 and layer 3 must be disabled on R3 and R4.
Only the interfaces, DLCIs and IP addresses shown in the topology can be used.
1.9 FR
Perform the necessary configuration on R6 to ensure the following output can be displayed:
[R6]display fr map-info
Map Statistics for interface Serial1/0/1 (DTE)
  DLCI = 116, IP 157.68.1.254, Serial1/0/1
  create time = 2013/09/03 16:54:33, status = ACTIVE
  encapsulation = ietf, vlink = 1, broadcast
1.10 PPP
R4 and R5 are connected through a pair of serial links, which should be combined using a suitable mechanism to make best use of the bandwidth.
Only the specified IP network may be used for this link.
2. Section 2: IGP
2.1 Basic Configurations
When implementing IP addressing, replace Y with your rack number and replace X with the device number. For example, the device numbers of R1, R2, SW1 and SW2 are 1, 2, 11 and 22. The IP addresses on all physical interfaces use 24-bit masks. All routers have Loopback0 interfaces with an IP address of 10.Y.X.X and a 32-bit mask.
Configure IP addresses on device interfaces as per the information in the IPv4 logical topology diagram. SW1 VLAN interfaces 27 and 5 should be assigned IP addresses 10.1.22.11/24 and 10.1.21.11/24 respectively. SW2 VLAN interfaces 5, 58 and 255 should be assigned IP addresses 10.1.21.22/24, 10.1.52.22/24 and 157.68.3.22/24 respectively. SW4 VLAN interface 4 should be assigned IP address 10.1.44.44/24. The router ID of all routers should be set to the IP address of Loopback0.
2.2 RIP
R4 should run RIPv2 on G0/0/0; summarization should be disabled.
Enable MD5 authentication for RIP update packets and use a password of HW. The IETF-defined format for authentication packets should be used.
2.3 OSPF Basic Configurations
R5 G0/0/1, R2 G0/0/0, SW1 VLAN interfaces 5 and 27 and SW2 VLAN interfaces 5 and 58 are in OSPF area 1. Set the OSPF process ID to Y.
Loopback0 interfaces of R2 and R5 are in OSPF area 1. Ensure they are advertised with the full 24-bit mask.
2.4 OSPF Optimization
Set the cost of all OSPF interfaces to 10.
Configure MD5 authentication in OSPF area 1, use a password of HW, and do not use the “ospf authentication-mode” command.
2.5 OSPF BFD
Implement BFD in OSPF to detect peer failures in less than 1 second. You may not use the “ospf bfd enable” command.
2.6 IS-IS Basic Configurations
Configure IS-IS with a process ID of Y on routers R1, R3, R4, R5 and R6. All devices belong to area 49.0001 and have a system ID of 0000.0000.000X.
IS-IS should be enabled on the FR link between R3 and R4.
IS-IS should be enabled on the FR links from R3 to R1 and R5.
IS-IS should be enabled on G/0/0 of R1, R3 and R6.
IS-IS should be enabled on the PPP links from R1 to R3 and R4 to R5.
The Loopback0 networks of R1, R3, R4 and R6 should also be added to IS-IS.
2.7 IS-IS Optimization
The FR link between R1 and R3 should be used as the primary path. Configure R1 to switch to the PPP link 3s after it detects that the FR link is down.
2.8 IS-IS Authentication
Configure MD5 authentication for SNPs and LSPs in the IS-IS area and set the password to HW.
2.9 IGP Import
Configure full mutual route import between RIP and IS-IS. R4 should summarize the 10.1.X.X addresses and set the tag to 100. The tag of RIP routes imported into the IS-IS area should be set to 200.
R5 should generate default routes in both OSPF and IS-IS.
To ensure that the entire network interworking
3. Section 3: EGP
3.1 BGP Neighbor
BGP AS numbers are shown in the “IPv4 BGP topology” diagram. Use physical interface addresses to establish BGP peer relationships between SW1 and SW2, between SW2 and R5, between R6 and BB1 (157.68.1.254), between R6 and BB3 (157.68.3.254), between R1 and BB3 (157.68.3.254) and between R3 and BB3 (157.68.3.254).
3.2 BGP Peer Relationship Optimization
Establish an IBGP peer relationship, using the IP addresses of the directly connected interfaces between R3 and R5.
R3 acts as an RR for the remaining routers in AS 100. To reduce resource usage on R3, use a peer group. The community attribute should be propagated between group members.
The peer group configuration should include two new routers, which will be added, with router IDs of 10.1.9.9 and 10.1.10.10. Your configuration should take into account that these routers have not been deployed yet.
R6 should set the next hop address of learned routes to its own IP address.
3.3 BGP Security
Establish an EBGP peer relationship between R4 and BB2 (157.68.2.254). BB2 must think that R4 is in AS number 200. Configure authentication and set the password to HUAWEI.
3.4 BGP Filtering
Assume BB2 is configured to deny prefixes from ASs except AS 200 and AS 100. To ensure connectivity from BB2 to other ASs, change the AS Path in R4.
3.5 BGP Optimization
R5 G0/0/0 and R4 G0/0/1 should be advertised by BGP.
Traffic towards R5 G0/0/0 and R4 G0/0/1 from AS 11 should be forwarded through BB1 and R6 as the primary path. The MED attribute may not be used to achieve this.
3.6 BGP AS Control
AS 65530 managed by AS 100 is a private AS number. When BGP updates are sent from AS 100, the AS Path cannot carry the private AS number. AS path filtering may not be used to achieve this.
3.7 BGP Aggregation
On R4, aggregate 24-bit prefixes starting with 222.22 and having a community of 22:22 to 222.22.0.0/16.
The aggregated route may only appear in AS 100 and the original community value must be retained.
4. Section 4: IP Multicast
4.1 PIM
Enable multicast routing on R1, R3, R4, and R5.
Enable PIM-SM on the Ethernet link between R1 and R3, the Frame Relay network between R3 and R4, and interconnected interfaces between R4 and R5.
Enable PIM-SM on the loopback interfaces of R1, R3, R4, and R5.
4.2 RP Redundancy
Use the IP address of loopback 0 on R1 as a C-RP address to serve group addresses 232.0.0.0-235.255.255.255.
Use the IP address of loopback 0 on R3 as a C-BSR address.
Ensure that R5 can learn the RP address.
4.3 IGMP
Enable IGMP on G0/0/0 of R5 and statically bind the interface to group 235.10.10.10.
Change the RPT-to-SPT switchover threshold to ensure that an RPT-to-SPT switchover will occur when the traffic rate exceeds 64 kbps.
Ensure that R5 can receive multicast traffic from the RP.
Ensure that R1 will be elected as the PIM DR in VLAN 255.
5. Section 5: MPLS VPN
5.1 MPLS
Enable MPLS on R1, R3, and R4, and use the IP address of Loopback0 as the LSR ID.
Enable label switching on the links between R1 and R3 and between R3 and R4. Disable label switching on all other links.
5.2 VPN-Instance
On R1: create a VPN instance TEST_R1, and set both RD and RT to 100:11. Create Loopback1 and set its address to 192.168.100.11/32. Loopback1 belongs to TEST_R1.
On R3: create a VPN instance TEST_HUB, and set both RD and export RT to 100:33. Create Loopback1 and set its address to 192.168.100.33/32. Loopback1 belongs to TEST_HUB.
On R4: create a VPN instance TEST_R4, and set both RD and export RT to 100:44. Create Loopback1 and set its address to 192.168.100.44/32. Loopback1 belongs to TEST_R4.
5.3 MP-BGP
Use the VPNv4 address family for BGP connections among R1, R3, and R4.
Set the import RT for each VPN instance on R1, R3, and R4 to ensure that TEST_HUB on R3 can communicate with TEST_R1 on R1 and TEST_R4 on R4 while TEST_R1 on R1 and TEST_R4 on R4 remain isolated from each other.
The VPN connection between R1 and R3 is not interrupted so long as there is a reachable route between them.
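An added example (not part of the exam paper or its answer key): a small Python model of route-target matching that checks whether an import-RT plan meets the reachability and isolation requirement of 5.3. The export RTs are those given in 5.2; the import RT values and the names CANDIDATE_IMPORT_RT, FULL_MESH, learns_from and check_plan are assumptions made for illustration.

```python
# Added example: checks an import-RT plan against the 5.3 reachability rules.
# Export RTs are taken from 5.2; the import RTs below are an assumed candidate,
# not the exam's answer key.

EXPORT_RT = {
    "TEST_R1": {"100:11"},   # R1: "RD and RT 100:11" (export side used here)
    "TEST_HUB": {"100:33"},  # R3
    "TEST_R4": {"100:44"},   # R4
}

CANDIDATE_IMPORT_RT = {      # assumption for illustration
    "TEST_R1": {"100:33"},
    "TEST_HUB": {"100:11", "100:44"},
    "TEST_R4": {"100:33"},
}

MUST_REACH = [("TEST_HUB", "TEST_R1"), ("TEST_HUB", "TEST_R4")]
MUST_ISOLATE = [("TEST_R1", "TEST_R4")]


def learns_from(importer, exporter, import_rt):
    """A VPN instance accepts a VPNv4 route if any RT carried by the route
    (the exporter's export RTs) is in the importer's import RT list."""
    return bool(import_rt[importer] & EXPORT_RT[exporter])


def check_plan(import_rt):
    """Return a list of violations; an empty list means the plan fits 5.3."""
    problems = []
    for a, b in MUST_REACH:
        # Two-way communication needs a route in each direction.
        for dst, src in ((a, b), (b, a)):
            if not learns_from(dst, src, import_rt):
                problems.append(f"{dst} does not import routes from {src}")
    for a, b in MUST_ISOLATE:
        # Even a one-way import between spokes counts as a leak.
        for dst, src in ((a, b), (b, a)):
            if learns_from(dst, src, import_rt):
                problems.append(f"LEAK: {dst} imports routes from {src}")
    return problems


# A constructed bad plan: every instance imports every RT (full mesh).
FULL_MESH = {vrf: {"100:11", "100:33", "100:44"} for vrf in EXPORT_RT}

if __name__ == "__main__":
    print("candidate:", check_plan(CANDIDATE_IMPORT_RT) or "OK")
    print("full mesh:", check_plan(FULL_MESH))
```

The model covers RT matching only; it does not represent label distribution or BGP session state.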
6. Section 6: QoS
6.1 Traffic Classification
Configure G0/0/0 of R4 to re-mark the priority values of 46 and above on received data packets to 45. Other values must remain unchanged; a traffic policy may not be used.
Configure SW3 E0/0/13 to mark received frames in VLAN 42 with an 802.1p priority of 4.
Configure SW3 E0/0/11 to mark received frames in VLAN 58 with an 802.1p priority of 2.
6.2 Traffic Policing
Configure SW4 E0/0/11 to police inbound traffic in VLAN 255 to a rate of 200 kbps; packets exceeding this rate should be discarded. Forwarded packets should be marked with an 802.1p priority of 3.
Enable traffic statistics collection.
6.3 Traffic Shaping
Three types of traffic are being received from R4: data traffic with an 802.1p value of 2, video traffic with an 802.1p value of 5 and voice traffic with an 802.1p value of 6.
The outbound link to R4 should be shaped to 8 Mbps. Outbound traffic should be placed in interface queues according to the 802.1p values received.
Set the scheduling mode for the link to R4 to WFQ for queues 0 to 5 and PQ for queue 6 and queue 7. The queue serving data traffic should be shaped to 2 Mbps, the video queue shaped to 4 Mbps and the voice queue shaped to 256 kbps.
7. Section 7: Security
7.1 Traffic Suppression
VLAN 255 on SW3 is receiving excessive broadcast traffic. Configure SW3 to discard broadcast packets when their rate exceeds 500 kbit/s.
On SW4 E0/0/11, limit the rate of ICMP packets to 20 pps.
The network connected to E0/0/11 of SW4 is suffering serious transmission delays. The administrator finds that E0/0/11 has received a large number of unknown unicast and multicast packets. Take measures to reduce these delays. The interface must be blocked when the packet rate exceeds 5000 ps and unblocked when packet rate is lower than 3000 ps. Enable the log function and set the detection interval to 90 seconds.
7.2 DHCP
Configure SW1 to allocate IP addresses to clients connected to VLANIF 27. The address of the network segment is 10.1.22.0/24; addresses 10.1.22.2 and 10.1.22.11 are reserved. The DNS server is 10.1.22.254 and the lease is 2 days.
The DHCP server should probe an IP address before allocating it to a client. The maximum number of probe packets sent by the DHCP server should be 10 and the waiting time should be 100 ms.
Enable DHCP snooping in VLAN 27 on SW3 to prevent unauthorized DHCP servers from disrupting the network.
7.3 ARP Security
Configure defense against man-in-the-middle attacks in VLAN 27 on SW3.
E0/0/0 of R6 has received a large number of IP packets with unresolvable destination IP addresses. These packets are sent from 157.68.3.100. Each second, R6 can only accept a maximum of 40 ARP Miss messages from this IP address and 20 ARP Miss messages from each of the other source IP addresses. In addition, make sure to avoid the fake ARP packets that will incorrectly update R6's ARP table.
7.4 IPSG
Configure defense against source address spoofing attacks from VLAN 27 of SW3.
SW3 should discard IP packets with the same source and destination IP addresses.
7.5 Attack Protection
Interface G0/0/0 on R6 has received flooding packets. Take measures on R6 to address this problem by limiting both the rate of received TCP SYN packets and rate of ICMP flooding packets to 15000 bit/s each.
8. Section 8: IP Feature
8.1 Packet Analysis
The customer wants to obtain incoming and outgoing traffic on G0/0/0 of R2 within 100s and view traffic information on a terminal. Use the HyperTerminal to record the output within 100 ms and display the information.
8.2 VRRP
Add R1 and R3 to a VRRP group with IP address 157.68.3.102. Set R1 to master and preemption delay to 10 seconds. To lessen fault impact on services, configure ICMP on R1 to monitor packets on R5's S1/0/1 and set the detection interval to 20 seconds. When the packet rate reaches 80%, an active/standby switchover occurs in the VRRP group.
8.3 Network Management
Configure the information center on R3. Output the error messages of the ping module to the log buffer. Use the default channel.
The network management system uses SNMP to monitor BGP on R1. Configure R1 to output the error messages of the BGP module to the server with name SNMPHOST and IP address 157.68.3.101. Use the default channel. Set the user group name to testgroup and user name to testuser. Use SHA authentication, set the password to password, and set the name of trap source to SNMPV3. To avoid impacting service traffic, allow the NMS server to monitor R1 only between 7:00-21:00 on weekends.
8.4 SSH
Set up secure login for users to VTY 0-4 of R6 through R3. The listening port of R6 is port 1025. Ensure that SFTP and SCP are supported. Use password authentication and set user name to R3, password to Hellow, and update interval to 24 hours. Give the R3 administrator all configuration rights on R6.
8.5 NTP
R6 has synchronized with the standard clock. Configure the R3 clock to synchronize with R6. Set the clock stratum to 5, encrypt NTP broadcast traffic on the LAN with hmac-sha256, set key ID to 16, and set the password to Hello.