Exam 300-410 All QuestionsBrowse all questions from this exam
Go to Exam
Question 467

SIMULATION

-

Guidelines

-

This is a lab item in which tasks will be performed on virtual devices.

• Refer to the Tasks tab to view the tasks for this lab item.

• Refer to the Topology tab to access the device console(s) and perform the tasks.

• Console access is available for all required devices by clicking the device icon or using the tab(s) above the console window.

• All necessary preconfigurations have been applied.

• Do not change the enable password or hostname for any device.

• Do not replace existing routing policies or configurations.

• Save your configurations to NVRAM before moving to the next item.

• Click Next at the bottom of the screen to submit this lab and move to the next question.

• When Next is clicked, the lab closes and cannot be reopened.

Topology

-

Tasks

-

Configure individual VRFs for each customer according to the topology to achieve these goals:

1. VRF “cu-red” has interfaces on routers R1 and R2. Both routers are preconfigured with IP addressing, VRFs, and BGP. Do not use the BGP network statement for advertisement.

2. VRF “cu-green” has interfaces on routers R1 and R2.

3. BGP on router R1 populates VRF routes between router R1 and R2.

4. BGP on router R2 populates VRF routes between router R1 and R2.

5. LAN to LAN is reachable between SW1 and SW3 for VRF “cu-red” and between SW2 and SW4 for VRF “cu-green”’. All switches are preconfigured.

    Correct Answer:

Discussion
HungarianDish

This sim was the same on the real exam, and got full score for it. All three labs (vrf, ospf, dmvpn) were evaluated.

chaba7654321

Had this lab on the exam. Simple config provided by Hungariandish below is correct. No MPLS stuff needed, also both vrf's are fully configured on both routers already. All that is needed is assigning all interfaces to the vrf's, configuring the dot1q trunk between the routers, and BGP config

[Removed]

Okay, so I did the following as the most simple solution I could think of. Router-2 vrf definition cu-red address-family ipv4 unicast rd 65000:1 ! vrf definition cu-green address-family ipv4 unicast rd 65000:2 ! interface e0/0 description To SW-1 vrf forwarding cu-red ip add 192.168.2.254 255.255.255.0 no shut ! interface e0/1 description To SW-2 vrf forwarding cu-green ip add 192.168.22.254 255.255.255.0 no shut ! interface e0/2 description To R-1 no shut ! interface e0/2.100 description To R-1 E0/2.100 CU-RED vrf forwarding cu-red ip address 10.10.10.2 255.255.255.252 no shut ! interface e0/2.200 description To R-1 E0/2.200 CU-GREEN vrf forwarding cu-green ip address 10.10.20.2 255.255.255.252 no shut ! router bgp 65000 bgp router-id 2.2.2.2 address-family ipv4 vrf cu-red redistribute connected neigh 10.10.10.10.1 remote-as 65000 address-family ipv4 vrf cu-green redistribute connected neigh 10.10.10.20.1 remote-as 65000

[Removed]

Continued... Router-1 vrf definition cu-red address-family ipv4 unicast rd 65000:1 ! vrf definition cu-green address-family ipv4 unicast rd 65000:2 ! interface e0/0 description To SW-3 vrf forwarding cu-red ip add 192.168.1.254 255.255.255.0 no shut ! interface e0/1 description To SW-4 vrf forwarding cu-green ip add 192.168.20.254 255.255.255.0 no shut ! interface e0/2 description To R-2 no shut ! interface e0/2.100 description To R-2 E0/2.100 CU-RED vrf forwarding cu-red ip address 10.10.10.1 255.255.255.252 no shut ! interface e0/2.200 description To R-2 E0/2.200 CU-GREEN vrf forwarding cu-green ip address 10.10.20.1 255.255.255.252 no shut ! router bgp 65000 bgp router-id 1.1.1.1 address-family ipv4 vrf cu-red redistribute connected neigh 10.10.10.10.2 remote-as 65000 address-family ipv4 vrf cu-green redistribute connected neigh 10.10.10.20.2 remote-as 65000

[Removed]

Switches should have a default-route to the R-1 or R-2 directly connected routed interface, for lab purposes. Not sure what the lab will be like. SW-1 ip route 0.0.0.0 0.0.0.0 192.168.2.254 ! SW-2 ip route 0.0.0.0 0.0.0.0 192.168.22.254 ! SW-3 ip route 0.0.0.0 0.0.0.0 192.168.1.254 ! SW-4 ip route 0.0.0.0 0.0.0.0 192.168.20.254

dapardo

Hi Everyone, I presented my exam yestarday, it was a little bit challenging and there are new questions but I pass. I have this lab on my exam I would recommend to create all of this environment and make it work properly. Create the vrfs as cu-red and cu-green. Once you labbed it if it works thats the way you should follow on your exam. I could say that the configuration provided by Removed is accurate.

Coffee_bean_master

Here the thing though, the switches are not VRF aware. Unless I am missing something, how are the packets from one switch that is not VRF aware going to get to the other side if there are two sub interfaces with VRFs between the two routers? What I had to do, to not have the switches be VRF aware and still get ICMP to work, was to filter VRF routes into the global routing table on both routers.

Coffee_bean_master

RTR1 to SW1 interface Ethernet0/0 ip vrf receive RED ip address 192.168.2.254 255.255.255.0 ip policy route-map VRF duplex auto ! ip route 10.10.10.0 255.255.255.252 Ethernet0/2.100 ip route 10.10.20.0 255.255.255.252 Ethernet0/2.200 ip route 192.168.22.0 255.255.255.0 Ethernet0/2.200 ip route 192.168.2.4 255.255.255.0 Ethernet0/2.100 ! ! route-map VRF permit 10 match ip address 101 ! ! access-list 101 permit ip 10.10.10.0 0.0.0.3 192.168.2.0 0.0.0.255 access-list 101 permit ip 10.10.20.0 0.0.0.3 192.168.22.0 0.0.0.255 ! RTR1 to SW2 interface Ethernet0/1 ip vrf receive GREEN ip address 172.16.1.2 255.255.255.252 ip policy route-map VRF duplex auto

Coffee_bean_master

This was able to let me ping from switch 1 to 3 without needing make them VRF aware. This was done on both routers with their respective ip addressing. The switches already come preconfigured and have a default static route leaving to the router they're connected to.

Commando1664

Is MPLS needed in this? I can achieve the requirements with VRF-Lite and BGP address family for each VRF.

[Removed]

Labbed this and came to the same solution as Hungarian Dish.

HungarianDish

We do not need to set mpls ip, route target and bgp address-family vpnv4 for this. Just simple VRF-Lite (+ route distinguisher because the IOS prompts to use it, only locally significant).

HungarianDish

R1 R1#sh run ip vrf GREEN rd 2:2 ! ip vrf RED rd 1:1 ! interface GigabitEthernet0/0 ip vrf forwarding RED ip address 192.168.1.254 255.255.255.0 ! interface GigabitEthernet0/1 ip vrf forwarding GREEN ip address 192.168.20.254 255.255.255.0 ! interface GigabitEthernet0/2 no ip address ! interface GigabitEthernet0/2.100 encapsulation dot1Q 100 ip vrf forwarding RED ip address 10.10.10.1 255.255.255.252 ! interface GigabitEthernet0/2.200 encapsulation dot1Q 200 ip vrf forwarding GREEN ip address 10.10.20.1 255.255.255.252 ! router bgp 65000 bgp router-id 1.1.1.1 bgp log-neighbor-changes ! address-family ipv4 vrf GREEN redistribute connected neighbor 10.10.20.2 remote-as 65000 neighbor 10.10.20.2 activate exit-address-family ! address-family ipv4 vrf RED redistribute connected neighbor 10.10.10.2 remote-as 65000 neighbor 10.10.10.2 activate exit-address-family

HungarianDish

Actually, VRF-lite is completely enough for this task. Example: https://www.packetcoders.io/cisco-ios-how-to-configure-vrf-lite/ R1 R1#sh run ! ip vrf green rd 1:200 ! ip vrf red rd 1:100 ! interface GigabitEthernet0/0 ip vrf forwarding red ip address 192.168.1.254 255.255.255.0 ! interface GigabitEthernet0/1 ip vrf forwarding green ip address 192.168.20.254 255.255.255.0 ! interface GigabitEthernet0/2 no ip address ! interface GigabitEthernet0/2.100 encapsulation dot1Q 100 ip vrf forwarding red ip address 10.10.10.1 255.255.255.252 ! interface GigabitEthernet0/2.200 encapsulation dot1Q 200 ip vrf forwarding green ip address 10.10.20.1 255.255.255.252 ! router bgp 65000 bgp router-id 1.1.1.1 bgp log-neighbor-changes ! address-family ipv4 vrf green redistribute connected neighbor 10.10.20.2 remote-as 65000 neighbor 10.10.20.2 activate exit-address-family ! address-family ipv4 vrf red redistribute connected neighbor 10.10.10.2 remote-as 65000 neighbor 10.10.10.2 activate exit-address-family

HungarianDish

R2#sh run ! ip vrf green rd 1:200 ! ip vrf red rd 1:100 ! interface GigabitEthernet0/0 ip vrf forwarding red ip address 192.168.2.254 255.255.255.0 ! interface GigabitEthernet0/1 ip vrf forwarding green ip address 192.168.22.254 255.255.255.0 ! interface GigabitEthernet0/2 no ip address ! interface GigabitEthernet0/2.100 encapsulation dot1Q 100 ip vrf forwarding red ip address 10.10.10.2 255.255.255.252 ! interface GigabitEthernet0/2.200 encapsulation dot1Q 200 ip vrf forwarding green ip address 10.10.20.2 255.255.255.252 ! router bgp 65000 bgp router-id 2.2.2.2 bgp log-neighbor-changes ! address-family ipv4 vrf green redistribute connected neighbor 10.10.20.1 remote-as 65000 neighbor 10.10.20.1 activate exit-address-family ! address-family ipv4 vrf red redistribute connected neighbor 10.10.10.1 remote-as 65000 neighbor 10.10.10.1 activate exit-address-family

HungarianDish

R2#sh ip bgp all su For address family: VPNv4 Unicast BGP router identifier 2.2.2.2, local AS number 65000 BGP table version is 7, main routing table version 7 6 network entries using 936 bytes of memory 8 path entries using 672 bytes of memory 2/2 BGP path/bestpath attribute entries using 336 bytes of memory 0 BGP route-map cache entries using 0 bytes of memory 0 BGP filter-list cache entries using 0 bytes of memory BGP using 1944 total bytes of memory BGP activity 6/0 prefixes, 8/0 paths, scan interval 60 secs Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd 10.10.10.1 4 65000 6 6 7 0 0 00:01:39 2 10.10.20.1 4 65000 5 5 7 0 0 00:00:38 2

HungarianDish

sw1#ping 192.168.1.1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 192.168.1.1, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 5/5/6 ms sw1#ping 192.168.22.1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 192.168.22.1, timeout is 2 seconds: U.U.U Success rate is 0 percent (0/5) sw1#ping 192.168.20.1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 192.168.20.1, timeout is 2 seconds: U.U.U Success rate is 0 percent (0/5) sw1#

HungarianDish

The provided solution has missing parts: route distinguisher for the vrf configuration, dot1q encapsulation for the subinterfaces, ip address for the mpls interfaces, extended community for carrying route-targets for MP-BGP and MPLS VPN. Plus, routing needs to be configured on the switches for successful testing.

HungarianDish

I tested the scenario with this configuration in CML, and it worked: R1 ------------------------------------ ip vrf red rd 1:100 route-target both 65000:100 ip vrf green rd 1:200 route-target both 65000:200 int g0/0 ip vrf forwarding red ip address 192.168.1.254 255.255.255.0 no shu int g0/1 ip vrf forwarding green ip address 192.168.20.254 255.255.255.0 no shu int g0/2 no ip no shut int g0/2.100 enc dot1q 100 ip addr 10.10.10.1 255.255.255.252 mpls ip int g0/2.200 enc dot1q 200 ip addr 10.10.20.1 255.255.255.252 mpls ip router bgp 65000 bgp router 1.1.1.1 no synchronization bgp log-neighbor-changes no auto-summary neigh 10.10.10.2 remote 65000 neigh 10.10.20.2 remote 65000 address-family vpnv4 neigh 10.10.10.2 activate neigh 10.10.20.2 activate neigh 10.10.10.2 send-community extended neigh 10.10.20.2 send-community extended address-family ipv4 vrf red redist con address-family ipv4 vrf green redist con

HungarianDish

R2 ---------------------------------------- ip vrf red rd 1:100 route-target both 65000:100 ip vrf green rd 1:200 route-target both 65000:200 int g0/0 ip vrf forwarding red ip address 192.168.2.254 255.255.255.0 no shu int g0/1 ip vrf forwarding green ip address 192.168.22.254 255.255.255.0 no shu int g0/2 no ip no shut int g0/2.100 enc dot1q 100 ip addr 10.10.10.2 255.255.255.252 mpls ip int g0/2.200 enc dot1q 200 ip addr 10.10.20.2 255.255.255.252 mpls ip router bgp 65000 bgp router 2.2.2.2 no synchronization bgp log-neighbor-changes no auto-summary neigh 10.10.10.1 remote 65000 neigh 10.10.20.1 remote 65000 address-family vpnv4 neigh 10.10.10.1 activate neigh 10.10.20.1 activate neigh 10.10.10.1 send-community extended neigh 10.10.20.1 send-community extended address-family ipv4 vrf red redist con address-family ipv4 vrf green redist con

HungarianDish

SW1 (red) ----------- ip routing int g0/0 no switchport ip addr 192.168.2.1 255.255.255.0 no shu vlan 100 ip route 0.0.0.0 0.0.0.0 192.168.2.254 SW2 (green) ------------ ip routing int g0/1 no switchport ip addr 192.168.22.1 255.255.255.0 no shu vlan 200 ip route 0.0.0.0 0.0.0.0 192.168.22.254 SW3 (red) ------------ ip routing int g0/0 no switchport ip addr 192.168.1.1 255.255.255.0 no shu vlan 100 ip route 0.0.0.0 0.0.0.0 192.168.1.254 SW4 (green) ------------- ip routing int g0/1 no switchport ip addr 192.168.20.1 255.255.255.0 no shu vlan 200 ip route 0.0.0.0 0.0.0.0 192.168.20.254