
Volume 1 – Lab 2

IPexpert CCIE R&S Detailed Solutions Guide

Cat1
errdisable recovery cause psecure-violation
errdisable recovery interval 10800

The measurement is in seconds. 3600 seconds in an hour, times three should be 10,800.

Cat1(config)#do sh errdisable recovery
ErrDisable Reason            Timer Status
-----------------------------
arp-inspection               Disabled
bpduguard                    Disabled
channel-misconfig            Disabled
dhcp-rate-limit              Disabled
dtp-flap                     Disabled
gbic-invalid                 Disabled
l2ptguard                    Disabled
link-flap                    Disabled
mac-limit                    Disabled
link-monitor-fail            Disabled
loopback                     Disabled
oam-remote-failur            Disabled
pagp-flap                    Disabled
port-mode-failure            Disabled
psecure-violation            Enabled
security-violatio            Disabled
sfp-config-mismat            Disabled
storm-control                Disabled
udld                         Disabled
unicast-flood                Disabled
vmps                         Disabled

Timer interval: 10800 seconds

Interfaces that will be enabled at the next timeout:

Looks good.

2.15

You have installed a Cisco® Intrusion Protection System on Fa0/7 of Cat1 and you would like to test out its functionality. Configure the Switch to take traffic that is received on VLAN300 and send a copy to your IPS.

This will involve a few different pieces. VLAN 300 is not really part of Cat1, which means we need to be thinking not about SPAN sessions, but REMOTE SPAN sessions.

First, create a VLAN that we will use for the Remote SPAN sessions.

Cat1
vlan 666
 name IDS-VLAN
 remote-span
 exit

Next, set up the SPAN sessions where VLAN 300 exists.
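The two halves of an RSPAN setup of the kind described above, as an added sketch that is not the guide's own solution. VLAN 300, VLAN 666 and Fa0/7 come from the task; the source switch name Cat2, the session number 1, and a trunk between the switches that carries VLAN 666 are assumptions.

```ios
! --- Cat2 (assumed name for the switch where VLAN 300 has ports) ---
! The RSPAN VLAN must exist as a remote-span VLAN on every switch in the path.
vlan 666
 name IDS-VLAN
 remote-span
 exit
! Copy only traffic received on VLAN 300 into the RSPAN VLAN.
monitor session 1 source vlan 300 rx
monitor session 1 destination remote vlan 666

! --- Cat1 (switch with the IPS on Fa0/7) ---
! Take whatever arrives in the RSPAN VLAN and hand it to the sensor port.
monitor session 1 source remote vlan 666
monitor session 1 destination interface FastEthernet0/7

! --- Checks on either switch ---
! show vlan remote-span      (VLAN 666 should be listed)
! show monitor session 1     (source, direction and destination as configured)
```

If the sensor receives nothing, first check that VLAN 666 is allowed on the trunk between the two switches and has not been pruned.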


Copyright © 2010 by IPexpert, Inc. All Rights Reserved.


R&S_Volume_1_DSG_v11.0_Lab2  

IPexpert’s Detailed Solution Guide for the Cisco® CCIE™ v4 Routing & Switching Lab Exam Volume 1 At the beginning of each section, you w...