Junos Cup 2014
Highlighted
Junos Cup 2014

Tie Breaker Challenge: Antarctica Port Mirroring

[ Edited ]
‎07-15-2014 01:24 PM

The competition is officially closed so no prizes will be awarded for the solution but feel free to test your skills on this tie-breaker challenge. 

 

Challenge Author: Alexander Arseniev

Country Flag: Antarctica

Type: Enterprise Difficulty: High (2 points)

 

Technical Description:

With just one set configuration command at the router of your choice, ensure that when you ping from R1 to the ge-­‐0/0/2 interface of R3, the ICMP echo reply packets are mirrored towards H.

 

Topology:

 

ANTARCTICA.jpg

 

Challenge Instructions:

 

For this challenge, you need to start the topology called: “ANTARCTICA – Port Mirroring”.

 

Run ping from R1 towards the ge-­‐0/0/2 interface of R3:

 

juniper@R1> ping 198.20.1.1     

 

Initially, it fails with message “No route to host”. You need to fix it so that:

 

-­‐     The ping command succeeds.

-­‐     R3 actually answers with ICMP echo replies.

-­‐     R1 mirrors the echo reply packets towards H

 

Once the issue is fixed, you should see the ICMP reply packets arriving at H:

 

juniper@SNIFFER> show firewall log     Log :

Time     Filter   Action Interface    Protocol       Src Addr                        Dest Addr 03:51:06 pfe      A     ge-­‐0/0/1.0   ICMP           198.20.1.1                     198.18.1.1

03:51:06 pfe      A     ge-­‐0/0/1.0   ICMP           198.20.1.1                     198.18.1.1

03:51:06 pfe      A     ge-­‐0/0/1.0   ICMP           198.20.1.1                     198.18.1.1

03:51:05 pfe      A     ge-­‐0/0/1.0   ICMP           198.20.1.1                     198.18.1.1

 

 

You need to accomplish the task above with just one set command on one router (you need to figure out which one):

 

configure

set <command1> commit and-­‐quit

/* You may need to wait for some time after commit, */

/* from a few seconds up to 2 or 3 minutes       */

 

Make sure that you log in with username juniper, and respect its privilege limitations (some parts of the configuration are neither accessible nor visible).

 

You must meet the following conditions:

 

-­‐     The solution must be permanent. Once it is fixed, it remains fixed with no user intervention for an unlimited amount of time.

-­‐     Any configuration added/removed on SNIFFER does not count towards the solution.

-­‐     You are not allowed to use wildcards, configuration groups, or op/event/commit-­‐ scripts.

 

Julie Wider
Advocacy Manager
Twitter: @JNetCommunity & @jawider