Does anyone have the initial config topologies built for the INE CCIE R&S v5 advanced technologies labs?
If not I am going to start building them out but figured Id first.
INE CCIE Topologies
Moderator: mike
-
SunGodRa
- Posts: 1
- Joined: Fri Nov 03, 2017 6:43 am
Re: INE CCIE Topologies
I am building them out myself now. How did you plan to configure the switch that acts as the cloud/ISP?
One thing I liked about GNS3 is that I didn't have to configure the switch. It just instantly passed the traffic from all the routers. That doesn't seem to be the case with EVE. I am trying to come up with a simple configuration that won't need much changing as I switch between different topics in the INE workbook.
Edit: Nevermind. Found the option for bridges/clouds
One thing I liked about GNS3 is that I didn't have to configure the switch. It just instantly passed the traffic from all the routers. That doesn't seem to be the case with EVE. I am trying to come up with a simple configuration that won't need much changing as I switch between different topics in the INE workbook.
Edit: Nevermind. Found the option for bridges/clouds
-
Uldis (UD)
- Posts: 5081
- Joined: Wed Mar 15, 2017 4:44 pm
- Location: London
- Contact:
Re: INE CCIE Topologies
such way please 
UD
UD
You do not have the required permissions to view the files attached to this post.
-
Uldis (UD)
- Posts: 5081
- Joined: Wed Mar 15, 2017 4:44 pm
- Location: London
- Contact:
-
jewell2j
- Posts: 1
- Joined: Fri Dec 01, 2017 2:45 am
Re: INE CCIE Topologies
Here is my INE Topology. It has worked flawlessly with the INE Workbooks. The BREAKOUT switch config is as follows:
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
service compress-config
!
hostname BREAKOUT
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
clock timezone EET 2 0
!
!
!
!
!
!
!
!
no ip domain-lookup
ip cef
ipv6 multicast rpf use-bgp
no ipv6 cef
!
!
!
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Ethernet0/0
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface Ethernet0/1
switchport mode dot1q-tunnel
!
interface Ethernet0/2
switchport mode dot1q-tunnel
!
interface Ethernet0/3
switchport mode dot1q-tunnel
!
interface Ethernet1/0
switchport mode dot1q-tunnel
!
interface Ethernet1/1
switchport mode dot1q-tunnel
!
interface Ethernet1/2
switchport mode dot1q-tunnel
!
interface Ethernet1/3
switchport mode dot1q-tunnel
!
interface Ethernet2/0
switchport mode dot1q-tunnel
!
interface Ethernet2/1
switchport mode dot1q-tunnel
!
interface Ethernet2/2
switchport mode dot1q-tunnel
!
interface Ethernet2/3
shutdown
!
interface Ethernet3/0
shutdown
!
interface Ethernet3/1
shutdown
!
interface Ethernet3/2
shutdown
!
interface Ethernet3/3
shutdown
!
interface Ethernet4/0
shutdown
!
interface Ethernet4/1
shutdown
!
interface Ethernet4/2
shutdown
!
interface Ethernet4/3
shutdown
!
interface Ethernet5/0
shutdown
!
interface Ethernet5/1
shutdown
!
interface Ethernet5/2
shutdown
!
interface Ethernet5/3
shutdown
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
!
!
!
!
!
control-plane
!
!
line con 0
logging synchronous
line aux 0
line vty 0 4
login
!
!
end
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
service compress-config
!
hostname BREAKOUT
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
clock timezone EET 2 0
!
!
!
!
!
!
!
!
no ip domain-lookup
ip cef
ipv6 multicast rpf use-bgp
no ipv6 cef
!
!
!
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Ethernet0/0
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface Ethernet0/1
switchport mode dot1q-tunnel
!
interface Ethernet0/2
switchport mode dot1q-tunnel
!
interface Ethernet0/3
switchport mode dot1q-tunnel
!
interface Ethernet1/0
switchport mode dot1q-tunnel
!
interface Ethernet1/1
switchport mode dot1q-tunnel
!
interface Ethernet1/2
switchport mode dot1q-tunnel
!
interface Ethernet1/3
switchport mode dot1q-tunnel
!
interface Ethernet2/0
switchport mode dot1q-tunnel
!
interface Ethernet2/1
switchport mode dot1q-tunnel
!
interface Ethernet2/2
switchport mode dot1q-tunnel
!
interface Ethernet2/3
shutdown
!
interface Ethernet3/0
shutdown
!
interface Ethernet3/1
shutdown
!
interface Ethernet3/2
shutdown
!
interface Ethernet3/3
shutdown
!
interface Ethernet4/0
shutdown
!
interface Ethernet4/1
shutdown
!
interface Ethernet4/2
shutdown
!
interface Ethernet4/3
shutdown
!
interface Ethernet5/0
shutdown
!
interface Ethernet5/1
shutdown
!
interface Ethernet5/2
shutdown
!
interface Ethernet5/3
shutdown
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
!
!
!
!
!
control-plane
!
!
line con 0
logging synchronous
line aux 0
line vty 0 4
login
!
!
end
You do not have the required permissions to view the files attached to this post.
-
Uldis (UD)
- Posts: 5081
- Joined: Wed Mar 15, 2017 4:44 pm
- Location: London
- Contact:
Re: INE CCIE Topologies
Nice,
optimizing this lab, even tunnels no need here nor that switch,
INE full working topo looks like this:
vSwitch is simple bridge network added in the topology.
UD
optimizing this lab, even tunnels no need here nor that switch,
INE full working topo looks like this:
vSwitch is simple bridge network added in the topology.
UD
You do not have the required permissions to view the files attached to this post.
-
jolinamcconaughey
- Posts: 1
- Joined: Tue Dec 05, 2017 8:58 am
Re: INE CCIE Topologies
One issue I favored approximately GNS3 is that I did not need to configure the transfer. It just immediately surpassed the site visitors from all the routers. that does not seem to be the case with EVE.
-
fe007
- Posts: 15
- Joined: Thu Sep 07, 2017 11:15 am
Re: INE CCIE Topologies
Hi Uldis.Uldis (UD) wrote: ↑Fri Dec 01, 2017 11:45 amNice,
optimizing this lab, even tunnels no need here nor that switch,
INE full working topo looks like this:
vSwitch is simple bridge network added in the topology.
UD
What image did you use for the routers?
I tried the CSR1000V as recommended by INE but I always have issues with the DMVPN between R1-R5 no matter what lab I'm currently using. I don't have this issue with vIOS or c7200.
I would also like to save each lab config in each of the routers to make it easy to switch between configs eg. basic.ip.addressing.cfg --> config replace flash:basic.ip.addressing.
But this can only be done on the CSR.
Example of the error:
Code: Select all
%LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel0, changed state to up
R2#
%CRYPTO-6-IKMP_NOT_ENCRYPTED: IKE packet from 169.254.100.5 was not encrypted and it should've been.
%CRYPTO-6-IKMP_NOT_ENCRYPTED: IKE packet from 169.254.100.5 was not encrypted and it should've been.
%CRYPTO-6-IKMP_NOT_ENCRYPTED: IKE packet from 169.254.100.5 was not encrypted and it should've been.
%CRYPTO-6-IKMP_NOT_ENCRYPTED: IKE packet from 169.254.100.5 was not encrypted and it should've been.
R2#YPTO-6-IKMP_NOT_ENCRYPTED: IKE packet from 169.254.100.5 was not encrypted and it should've been.
%CRYPTO-6-IKMP_NOT_ENCRYPTED: IKE packet from 169.254.100.5 was not encrypted and it should've been.
%CRYPTO-6-IKMP_NOT_ENCRYPTED: IKE packet from 169.254.100.5 was not encrypted and it should've been.
%CRYPTO-6-IKMP_NOT_ENCRYPTED: IKE packet from 169.254.100.5 was not encrypted and it should've been.
%CRYPTO-6-IKMP_NOT_ENCRYPTED: IKE packet from 169.254.100.5 was not encrypted and it should've been.
R2#YPTO-6-IKMP_NOT_ENCRYPTED: IKE packet from 169.254.100.5 was not encrypted and it should've been.
%CRYPTO-6-IKMP_NOT_ENCRYPTED: IKE packet from 169.254.100.5 was not encrypted and it should've been.
%CRYPTO-4-IKMP_BAD_MESSAGE: IKE message from 169.254.100.5 failed its sanity check or is malformed
%CRYPTO-6-IKMP_NOT_ENCRYPTED: IKE packet from 169.254.100.5 was not encrypted and it should've been.
%CRYPTO-6-IKMP_NOT_ENCRYPTED: IKE packet from 169.254.100.5 was not encrypted and it should've been.
%CRYPTO-6-IKMP_NOT_ENCRYPTED: IKE packet from 169.254.100.5 was not encrypted and it should've been.
%Code: Select all
R5#
%CRYPTO-6-IKMP_NOT_ENCRYPTED: IKE packet from 169.254.100.2 was not encrypted and it should've been.
%CRYPTO-6-IKMP_NOT_ENCRYPTED: IKE packet from 169.254.100.2 was not encrypted and it should've been.
R5#
%IOSXE-3-PLATFORM: F0: cpp_cp: QFP:0.0 Thread:000 TS:00000000320457130240 %IPSEC-3-REPLAY_ERROR: IPSec SA receives anti-replay error, DP Handle 9, src_addr 169.254.100.2, dest_addr 169.254.100.5, SPI 0x9ddfdc7e
R5#
%CRYPTO-4-RECVD_PKT_INV_SPI: decaps: rec'd IPSEC packet has invalid spi for destaddr=169.254.100.5, prot=50, spi=0xE9F3C558(3925067096), srcaddr=169.254.100.4, input interface=Tunnel0
R5#
%CRYPTO-6-IKMP_NOT_ENCRYPTED: IKE packet from 169.254.100.4 was not encrypted and it should've been.Code: Select all
R1#
%LINK-3-UPDOWN: Interface GigabitEthernet1, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1, changed state to up
R1#
%LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel0, changed state to up
R1#
%IOSXE-3-PLATFORM: F0: cpp_cp: QFP:0.0 Thread:000 TS:00000000319026137229 %IPSEC-3-REPLAY_ERROR: IPSec SA receives anti-replay error, DP Handle 5, src_addr 169.254.100.5, dest_addr 169.254.100.1, SPI 0x216cec54
R1#
%IOSXE-3-PLATFORM: F0: cpp_cp: QFP:0.0 Thread:000 TS:00000000417406376424 %IPSEC-3-REPLAY_ERROR: IPSec SA receives anti-replay error, DP Handle 5, src_addr 169.254.100.5, dest_addr 169.254.100.1, SPI 0x216cec54
R1#-
Uldis (UD)
- Posts: 5081
- Joined: Wed Mar 15, 2017 4:44 pm
- Location: London
- Contact:
Re: INE CCIE Topologies
CSR 3.17.4
and RAM for node must be 3072M
and RAM for node must be 3072M
-
fe007
- Posts: 15
- Joined: Thu Sep 07, 2017 11:15 am
Re: INE CCIE Topologies
Doesn't work. I have that version.
Still getting the Crypto errors. Also tried using 4096 RAM.
Still getting the Crypto errors. Also tried using 4096 RAM.