pppoe

topology
Cisco(PPPOEServer)-Yamaha(PPPOEClient)


PPPOEServer
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
ip cef
!
!
!
!
!
multilink bundle-name authenticated
!        
!        
!        
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
username cisco password 0 cisco
archive
 log config
  hidekeys
!        
!
!
!
!
!
!
bba-group pppoe test
 virtual-template 1
!
bba-group pppoe test[]
!
!
interface FastEthernet0/0
 no ip address
 duplex auto
 speed auto
 pppoe enable group test
!
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface Virtual-Template1
 mtu 1454
 ip address 200.200.200.1 255.255.255.0
 peer default ip address pool test1
 ppp authentication chap
!
ip local pool test1 200.200.200.2
ip forward-protocol nd
!
!
ip http server
no ip http secure-server
!
!
!
!
!
!
!
control-plane
!
!        
!
!
!
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
!
!
end

















client
yamaha

# Memory 16Mbytes, 2LAN
ip lan1 address 10.10.10.10/24
pp select 1
pp always-on on
pppoe use lan2
pp auth accept chap
pp auth myname cisco cisco
ppp lcp mru on 1454
ppp ipcp ipaddress on
ppp ccp type none
ip pp address 200.200.200.2/24
ip pp mtu 1454
pp enable 1
ip route default gateway pp 1
#

2+2

###########################################################

2+2

###########################################################




!!!1.1!!!
R1
int g0/1.11
no encapslation dot1q 11 native
encaps dot1q 11
ip address yy.yy.0.97 255.255.255.224

SW3
no monitor session all
int fa0/10
switchport access vlan 33
int vlan 33
ip add 150.3.yy.1 255.255.255.0



!!!1.2!!!

SW1
interface fa0/2
switchport mode access
swirchport access vlan 20

int fa 0/3
switchport mode access
switchport access vlan 20

int fa 0/4
switchport mode access
switchport access vlan 43

int fa0/5
switchport mode access
switchport access vlan 54

int vlan 12
ip add yy.yy.128.98 255.255.255.224
no shut


int vlan 51
ip add  yy.yy.0.129 255.255.255.224
no shut


int fa0/10
no switchport
ip add 150.1.yy.1 255.255.255.0



SW2
int fa0/2
switchport mode access
switchport acess vlan 234

int fa0/3
switchport mode access
switchport access vlan 300

int fa0/4
switchport mode access
switchport access vlan 54


int fa0/5
switchport mode access
switchport access vlan 51

int vlan 42
ip add yy.yy.128.129 255.255.255.224
no shut

int vlan 243
ip add yy.yy.128.163 255.255.255.224
no shut

int fa 0/10
no switchport
ip add 150.2.yy.1 255.255.255.0
no shut



SW3
int fa0/10
switchport mode access
switchport access vlan 33

int vlan 243
ip add yy.yy.128.161 255.255.255.224
no shut

int vlan 234
ip add yy.yy.128.195 255.255.255.224
no shut

int vlan 33
ip add 150.3.yy.1 255.255.255.0
no shut



SW4
int vlan 243
ip add yy.yy.128.194 255.255.255.224
no shut




!!!1.3!!!
SW1
spanning-tree mode rapid-pvst
spanning-tree portfast bpduguard default
int range fa0/19 - 24
udld port aggresive

SW2
spaning-tree mode rapid-pvst
spanning-tree portfast bpduguard default
int range fa0/19 - 24
udld port aggressive

SW3
spanning-tree mode rapid-pvst
spanning-tree portfast bpdugurad default
int range fa0/19 - 24
udld port aggressive

SW4
spanning-tree mode rapid-pvst
spanning-tree portfast bpdugurd default
int range fa0/19 - 24
udld port aggresive


SW1
int range fa0/2 - 5
spanning-treeportfast

SW2
int range fa0/2 - 5
spaning-tree portfast

SW3
int range fa0/10
spanning-tree bpduguard disable




!!!1.4!!!
SW1
int range fa0/19 - 24
switchport trunk encapslation dot1q
switchport mode trunk
switchport nonegotiate
no sht
exit


SW2
int range fa0/19 - 24
switchport trunk encapslatio dot1q
switchport mode trunk
switchport nonegotiate
no shut
exit



SW3
int range fa0/19 - 24
switchport trunk encapslation dot1q
switchport mode trunk
switchport nonegotiate
no shut
exit



SW4
int range fa0/19 - 24
switchport trunk enccapslaton dot1q
switchport mode trunk
switchport nonegotiate
no shut
exit



SW1
int rane fa 0/19 - 20
channel-group 13 mode active
exit
int range fa 0/21 - 22
channel-group 14 mode active
exit
int range fa 0/23 - 24
channel-group 12 mode active
port-channel load-balanece dst-ip


SW2
int range fa0/19 - 20
channel-group 24 mode active
exit

int range fa0/21 - 22
channel-group 23 mode active
int range fa0/23-24
channel-group 23 mode active
exit
port-channel load-balance dst-ip





SW3
int range fa0/19
channel-group 13 mode active
exit
int range fa 0/21 - 22
channel-group 23 mode active
exit
int range fa0/23 - 24
channel-group 24 mode active
exit
port-channel load-balance dst-ip


SW4
int range fa0/19 20
channel-group 24 mode active
exit
int range fa0/21- 22
channel-group 14 mode active
exit
int range va 0/23 - 24
channel-group 34 mode active
exit
port-vhannel load-balance dst-ip


SW2
int fa0/1
switchport trunk encapslation dot1q
switchport mode trunk
switchport trunk allowed vlan 11,12
switchport nonegotiate
no shut
exit


R1
int fa0/1
no ip address
no shut
exit
int fa0/1.11
encapslatin dot1q
ip address yy.yy.0/65 255.255.255.224
no shut
exit
intfa0/1.12
encapslation dot1q 12
ip add yy.yy.128.97 255.255.255.224
no shut
exit




!!!1.5!!!
SW3
no monitor session all
monitor session 1 source intfa0/1 - 8 port-channel 13 both
monitor session 1 definition fa 0/11
SW1
mac adress-table aging-time 150 vlan 20



!!!1.7!!!
R5
frame-relay switching
int s0/0
encapslation frame-relay
frame-relay lmi-type cisco
frame-relay intf-ty dce
clock rate 64000
frame-relay roue 221 interface serial 0/1 223
no ip  address
no shut
exit
int s0/1
encapslation frame-relay
frame-relay lmi-type cisco
frame-relay lmi-type dce
clock rate 64000
frame-relay route 223 interfce serial 0/0 221
no ip address
no shut
exit

R1
interface serial 0/1
encapslation frame-relay inverse-arp
no arp frame-relay
no ip address nosshut
exit
int s0/1.221 point-to-point
no ip address
frame-relay interface-dlci 221 ppp virtual-template 1
exit
exit
interface multilink
ppp multilink
ppp multilink grpup 1
ip unnumbered lo 0
exit

interace virtual-template 1
ppp multilink
ppp multilink grpoup 1
exit



R3
interface serial 0/0
encapslation frame-relay
no frame-relay inverse arp
no arp frame-relay
no ip address
no shut
exit
intefrce s0/0.223 point--to-point
frame-relay interfce-dlci 223 ppp vitrual-template 1
exit

interfrace multilink 1
ppp multilink
ppp multilink group 1
ip unnumbered lo 0
exit
interfce virtual-template 1
exit
ppp multilink
ppp multilink group 1
exit

R2
interface fa 0/0
ip address yy.yy.128.255 255.255.255.224
no shut
exit
interface fa0/1
ip add yy.yy.128.193 255.255.255.224
no shut
exit
interface serial  0/1
encapslation ppp
ip unnumbered fa0/0
no shu
exit


R3
int fa0/0
ip add yy.yy.0.33 255.255.255.224
no shut
exit
int fa 0/1
ip add yy.yy.0.1 255.255.255.224
exit
int s0/1
encapslation ppp
ip unnumbered fa 0/1
clockrate 64000
no shut
exit


R4
int fa0/0
ip add yy.yy.128.130 255.255.255.224
no shut
exit
int fa0/1
ip add yy.yy.254.2 255.255.255.0
no shut
exit


R5
int fa0/0
ip add yy.yy.254.1 255.255.255.0
no shut
exit
int fa0/1
ip add yy.yy.0.130 255.255.255.224
no shut
exit




!!!2.1!!!
SW1
ip routing
router ospf yy
router-id yy.yy.7.7
network yy.yy.7.7 0.0.0.0 area 0
network yy.yy.128.98 0.0.0.0 area 0
network yy.yy.0.129 0.0.0.0 area 52
redisstribute connected subnets rroute-map bb1
default-information originate always
exit
route-map bb1 permit 10
match interface fa0/0
↓
!!!K2!!!
default-information originate always-metric type route-map moren
redistribute connected route-map bb1 metreic-type 1
ip access-list standaard moren
permit 150.1.1.0 0.0.0.255
route-map moren
match ip add moren
!!!K2!!!




R1
router ospf yy
router-id yy.yy.1.1
network yy.yy.1.1 0.0.0.0 area 0
network yy.yy.0.65 0.0.0.0 area 0
network yy.yy.128.97 0.0.0.0 area 0


R3
router ospf yy
router-id yy.yy.3.3
network yy.yy.3.3 0.0.0.0 area 0
network yy.yy.0.1 0.0.0.0 area 1
network yyy.yy.33 0.0.0.0 are 1
exit

R2
router ospf yy
router-id yy.yy.2.2
network yy.yy.2.20.0.0.0 area 1
network yy.yy.128.225 0.0.0.0 area 1
network yy.yy.128.193 0.0.0.0 area 1
exit


SW3
ip routing
router ospf yy
router-id yy.yy.9.9
network yy.yy.9.9 0.0.0.0 area 1
networrk yy.yy.128.195 0.0.0.0 area 1
network 128.161 0.0.0.0 area 1
exit

SW4
ip routing
router ospf yy
router-id yy.yy.10.10
yy.yy.10.10 0.0.0.0 area 1
network yy.yy.10.10 0.0.0.0area 1
network yy.yy.128.194 0.0.0.0 area 1
network yy.yy.128.162 0.0.0.0 area 1
exit

SW2
ip routing
router ospf yy
router-id yy.yy.8.8
network yy.yy.8.8 0.0.0.0 area 1
network yy.yy.128.129 0.0.0.0 ara 1
network yy.yy.128.163 0.0.0.0 area 1
redisrtribuute connected route-map bb2
default-information originate always
exit
route-map bb2 permit 10
match interfce fa0/10
exit
↓
!!!K2!!!
default-information originate always metric-type 1 route-map moren
redistirbute connected route-map bb2 metric-type 1
ip access-list standard moren
permit 150.2.1.0 0.0.0.255
route-map moren
match ip add moren
!!!K2!!!







!!!2.3!!!

R4
router eigrp yy
no auto-summary
network yy.yy.254.2 0.0.0.0
redistribute connected metric 10000 100 255 1 1500 route-map lo
exit
route-map loopback permit 10
match int lo 0
exit
exit
!!!K2!!!
router eigrp yy
no auto-summary
network yy.yy.254.2 0.0.0.0
net yy.yy.4.4 0.0.0.0
!!!K2!!!



R5
router eigrp yy
no auto-summary
network yy.yy.254.1 0.0.0.0
redistribute connected metric 10000 100 255 1 1500 route-map lo
exit
route-map loopback permit 10
match int lo 0
exit
exit
!!!K2!!!
router eigrp yy
no auto-summary
network yy.yy.254.1 0.0.0.0
net yy.yy.5.5 0.0.0.0
!!!K2!!!





SW3
router eigrp 100
no auto-summary
network 150.3.yy.1 0.0.0.0
eigrp stub receive-only
distribute-list rotue-map tag in vlan 33
exit
access-list 10 permit 0.0.0.0 127.255.255.255
route-map tag permit 10
match ip address 10
set tag 200
route-map tag permit 20
exit
router ospf yy
redistribute eigrp 100 subnets
summary-address 198.0.0.0 255.0.0.0
exit


!!!2.3!!!

R2
router bgp yy
no auto-summary
no syncronization
bgp router-id yy.yy.2.2
neighbor ibgp peer-group
neighbor ibgp remote-as yy
neighbor ibgp update-source lo 0
neighbor yy.yy.3.3 peer-group ibgp
neighbor yy.yy.7.7 peergrpup ibgp
neighbor yy.yy.8.8 peer-group ibgp
neighbor yy.yy.8.8 weight 100
exit

R3
router bgp yy
no auto-summary
nosyncronization
bgp rouer-id yy.yy.3.3
neighbor ibgp peer-group
neighbor ibgp remote-as yy
neighbor ibgp update-spource lo 0
neighbor yy.yy.2.2 peer-group ibgp
neighbor yy.yy.7.7 pee-group ibgp
neighbor yy..yy.8.8 peer-group ibgp
neighbor yy.yy.7.7 weight 100

SW1
router bgp yy
no auto summary
no syncronizationbgp router-id yy.yy.7.7
neighbor ibgp peer-group
ibgp remote-as y
neighbor ibgp update-source lo 0
neighbor yy.yy.2.2 peer-group ibgp
neighbor yy.yy.3.3 peer-group ibgp
neighbor yy.yy.8.8 peer-group ibgp
neighbor 150.1.yy.254 remoe-as 254




SW2
ip routeing
router bgp yy
no auto-summary
no syncronization
bgp router-id yy.yy.8.8
neighbor ibgp peer-group
neighbor ibgp remote-as yy
neighbot ibgp update-source lo 0
neighbor yy.yy.2.2 peer-group ibgp
neighbor yy.yy.7.7 peer-group ibgp
neighbor yy.yy.8.8 peer-group ibgp
neighbor 150.2.yy.254 route-map as in
exit
route-map as permit 10
set as-path prepend 253
exit
exit


!!!2.4MPLS!!!
R4
ip cef
mpls labelprotocol ldp
mpls ldp route0id lo 0 force
int fa0/1
mpls ip
exit
ip vrf vpn yy
vrf 100:1
route-target both 100:1
exit
interfce fa0/0
ip vrf forwarding vpn yy
ip address yy.yy.128.130 255.255.255.224
exit
router bgp 100
no auto-summary
no synchronization
bgp router-id yy.yy.4.4
neighbor  yy.yy.5.5 update-source lo 0
neighbor yy.yy.5.5 remote-as 100
address-family vpn 4
neighbor yy.yy.5.5 active
neighboryy.yy.5.5 send-community-extended
exit
no bgp defualt ipv4-unicast
address-family ipv4 vrf vpn VPNYY
redistribute ospf yyvrf vpn yy
exit
exit
router ospf yy vrf vpn yy
redistribute bgp 100 subnets
netwrpk yy.yy.128.130 0.0.0.0
exit



R5
ip cef
mpls label protocop ldp
mpls ldp router-id lo 0 force
int fa0/3
mpls ip
exit
ipvrf vpn yy
rd 100:1
rote-target both 100:1
exit
int fa0/1
ip vrf forwarding vrf vpn yy
ip add yy.yy.0.130 255.255.255.224
exit
router bgp 100
no auto sum
no sync
router-id yy.yy.5.5
neighbor yy.yy.4.4 remote-as 100
neighbor yy.yy.4.4 update-source lo 0
address-familyvpnv4
neighbor yy.yy.4.4activate
neighbor yy.yy.4.4 send-community extended
exit
no bgp default ipv4 unicast
addresfamily ipv4 vrf vpn yy
redistribute ospf yy vrf vpn yy
exit
exit
router ospf yy vrf vpn yy
router-sofp yy vrf vpn yy
router-id yy.yy.5.5
redistribute bgp 100 subnets
network yy.yy.0.130 0.0.0.0 area  51
area 51 virtual-link yy.yy.7.7
exit

SW1
roter ospf yy
are 51 virtual-link yy.yy.5.5
exit






!!!2.5!!!
R3
int tun 35
tunnel source lo 0
tunnel destination yy.yy.0.130
ip unnumberdrd fa0/0
ip ospf yy area 1
exit





R5
int tun 35
tunnel source fa0/1
tunnel destination yy.yy.3.3
ip vrf forawrding vpn yy
ip unnumberded fa0/1
ip ospf yy area 1
ip tunnel vrf vpn yy
exit


R4
int lo 0
ip vrf forwarding vpnyy
ip address yy.yy.100.4 255.255.255.255

R5
int lo 1
ip vrf forwarding vpn yy
ip address yy.yy.100.5 255.255.255.255
exit



R4
router bgp 100
address-family ipv4 vrf vpnyy
network yy.yy.100.4 mask 255.255.255.255
exit
!!!K2!!!
address-family vrf vpn 1
redistribute ospf 1 vrf vpn1 match int external
redistribute connected
default information originate
!!!K2!!!



R5
router bgp 100
address-family ipv4 vrf vpnyy
network yy.yy.100.5 mask 255.255.255.255
exit
!!!K2!!!
address-family vrf vpn 1
redistribute ospf 1 vrf vpn1 match int external
redistribute connected
default information originate
!!!K2!!!



!!!K2+のみ!!!
R4
router ospf yy vrf vpn yy
aea 1 sham-link yy.yy.100.5
exit

R5
router ospf yy vrf vpnyy
are 1 sham-link yy.yy.100.5 yy.yy.100.4
exit
!!!K2+のみ!!!


R2
ipv6 unicast routing
int fa0/1
ipv6 address 20yy:1010:10::2/24
exit
int fa0/0
ipv6 address 20yy:1010:10::2/64

SW3
sdm prefer dual ipv4-ipv6 routeing
int vlan 33
ipv6 address 20yy:1010:222::9/64
exit
intvlan 234
ipv6 address 20yy:1010:10::9/64
exit


R2
ipv6 router rip cisco
exit
intfa0/0
ipv6 rip cisco enable
exit
int fa0/1
ipv6 rip cisco enable
exit





SW3
ipv6 router rip cisco
exit
intvlan 33
ipv6 cisvco rip enable
exit
int vlan 234
ipv6 rip cisco enable
ipv6 rip cisco default-informatio originate metric 2
exit



!!!3.1!!!
SW2
ip multicust-routing
ip pim auto-rp listner
int vlan 243
ip igmp join-group 239.10.5.1
exit

SW3
ip multicast-routing
ip pim auto-rp-listner
in  lo 0
ip pim sparse-mode
exit
int vlan 243
ip pim sparse-mpde
exit
access-list 10 permit 239.10.5.0 0.0.0.355
ip pim send-rp-announce ki o scope 16 group-list 10

SW4
ip muilticast-routing
ip pim auto-rp listner
int lo 0
ip pim sparse-,oe
exiit
int vlan 234
ip pim sparse-mode


!!!3.2!!!
access-list 20 permit 239.10.5
1
int vlan 243
ip igmp access-group 20

SW3
access-list 20 permit 239.10.5.1
int vlan 243
ip igmp acccess-group 20
exit


SW4
access-list 20 permit 239.10.5.1
int vlan 243
ip igmp access-group 20




!!!K2のみ!!!
###3.2IPV4 SSM##
SW234
ip pim ssm range 5
access-list 5 permit 232.20.10.1

R2
ip multicast-routing
ip pim ssm range 5
access-list 5 permit 232.20.10.1
inter e0/1
ip pim sparse-mode
int e0/0
ip pim sparse-mode
ip igmp ver 3
ip pim v3 lite
ip urd



!!!4.1!!!
LinkFragMentation


R1
map-class frame-relay FRTS
frame-relay cir  128000
frame-relay bcc 8000
frame-relay be 1000
exit

int s0/1
bandwidth 128
frame-relay traffic-shaping
exit
int s0/1.221 point-to-point
bandwidth 128
frame-relay interfce-dlci 221 ppp virtual-template 1
cclass FRTS
exit
exit
interfce Virtual-templat 1
bandwidth 128
exit
multilink bandle-name endpoint
int multilink 1
bandwidth 128
ppp multilink
bandwidth 128
ppp multilink
bandwidth 128
ppp multilink fragment delay 8
ppp multilink interleave
ppp multilink endpoint hostnae
exit




R3
map-class frame relay FRTS
frame-relay cir 1280000
frame-relay bc 8000
frame-relay be 1000
exit
int s0/0
bandwidth 128
frame-relay traffic-shaping
exit
int s9/1.223 point-to-point
bandwidth 128
frame-relay interface-lci 221 ppp virtual-template 1
class FRTS
exit
exit
int virtual-template 1
bandwidth 128
multilink-bandle endpoint hostname
exit



!!!K2のみ!!!
###4.1LinkFragmentation##
###
R1
class-map voip
match ip precedence 5
match ip rtp 16384 16383

policy-map voip
class voip
priority percent 45
policy-map shape
class class-default
shape average 128000 8000 1000
service-policy voip
multilink bundle-name endpoint
int multilink 1
ip unnumberded lo 0
ppp multilink fragment delay 8
ppp multilink interleave
bandwidth 128
service-policy output shape
interface s0/0/0.13 point-to-point
frame-relay interface-dlci 231 ppp virtual-template 1
interface virtual-template 1
ppp multilink group 1

###
R3
class-map voip
match ip precedence 5
match ip rtp 16384 16383

policy-map voip
class voip
priority percent 45
policy-map shape
class class-default
shape average 128000 8000 1000
service-policy voip
multilink bundle-name endpoint
int multilink 1
ip unnumberded e0/0
ppp multilink fragment delay 8
ppp multilink interleave
bandwidth 128
service-policy output shape
interface s0/0/0.13 point-to-point
frame-relay interface-dlci 233 ppp virtual-template 1
interface virtual-template 1
ppp multilink group 1
###
!!!K2のみ!!!





!!!4.2MQC!!!
R1
access-list 100 permit udp any any precedence critical
class-map match-all voip
match access-group 100
exit
policy-map voip
priority 45
exit
class class-default
fair-queue
exit
exit
interface multilink 1
service-policy output voip
exit


R3
aces-list 100 permit udp any any precedence critical
class-map match-all voip
exit
policy-map voip
class voip
priority 45
exit
class class-default
fair-queue
exit
exitinterface multilink 1
service-poicy output oip
exit


!!!4.3NTP!!!
R5
clock set 8:00:00 1 JAN 2010
conf t
clock timezone HK+8
nep master 5
ntp source fa0/1
ntp server yy.yy.254.254
ntp acces-group peer 10
ntp access-group serve-only 20
ntp peer vrf VPNyy yy.yy.3.3 key 1
ntp peer vrf VPNyy yy.yy.8.8
ntp peer vrf VPNyy yy.yy.7.7
access-list 10 permit yy.yy.254.254
access-list 10 permit 127..127.7.1
access-list 20 permit yy.yyy.3.3
access-list permit yy.yy.7.7
access-list 20 permit yy.yy.8.8
ntp update-calennder
clck calnder-vlid
ntp uthenticate
ntp trust-key 1
ntp authentication-key 1 md5 cisco

R3
clock timezone HK+8
ntp authenticate
ntp authentication-key 1 md5 cisco
ntp trust-key 1
ntp server yy.yy.0130 key 1 source lo 0
ntp update-calender
clock time-zone HK+8
ntpserer yy.yy.0.130 lo 0


SW2
clodk timezone HK+(
ntp server yy.yy.0.130 source lo 0





!!!K2!!!
###4.2ntp###
R5
clock calendea-valid
ntp authentication-key 1 md5 cisco
ntp authenticate
ntp master 5
ntp source fa1/1
ntp access-group peer 1
ntp access-group serve-only 2
ntp update-calender

ntp peer vrf vpn 3 3.3.3.3 key 1
ntp peer vrf vpn 3 3.3.8.8
ntp peer vrf vpn 3 3.3.7.7
ntp server 3.3.254.254 source lo 0

access-list 2 permit 3.3.254.254
access-list 2 permit 127.127.7.1
access-list 1 permit 3.3.3.3
access-list 1 permit 3.3.7.7
access-list 1 permit 3.3.8.8
!!!K2!!!




R3
ntp authentication-key 1 md5 cisco
ntp authenticate
ntp trust-key 1
ntp server 1.1.0.130 key 1 source lo 0

SW1 2
ntp server 1.1.0.130 source lo 0




!!!4.3 Rsvp !!!!!!!!
R1
interface lo 0
ip rsvp bandwidth 64 64
exit
interface multilink 1
ip rsvp bandwidth 64 64
exit
ip rsvp reservation-host yy.yy.1.1 yy.yy.3.3 tp 23 10000 ff rate 10 1


R3
interface lo 0
ip rsvp bandwidth 64 64
exit
interfae multilinnk 1
ip rrsvp bandwidth 64 64
exit
ip rsvp sender-host yy.yy.1.1 yy.yy.3.3 23 10000 10 1


!!!4.4FirstHop redunndancy with Object Tracking!!!

SW3
track 10 ip route 0.0.0.0 0.0.0.0 reachability
interface vlan 234
sandby 1 ip yy.yy.128.96
standb 1 preempt
standby 1 track 10
standby 2 ip yy.yy.128.222
standby 2 priority 105
standby 2 preempt
standby 2 track
exit


SW4
track 10 ip rotue 0.0.0.0 reachability
interface vlan 234
standby 1 ip yy.yy.128.9
standby 1 pripority 105
standb 1 preempt
standby 1 track 10
standby 2 ip yy.yy.128.222
standby 2 track 10
exit




!!!MLS qos for Video!!!
SW4
mld qos
mps qos srr-queue output dscp-map queue 1 56
ip access-list extnded 100
permit ip host yy.yy.128.98 yy.yy.0.64 0.0.0.31
exit
clss-map match all voip
match access-group 100
exit
ms qos map policed-dscp 5 to 8
poliy-map policy
class voip
set ip dscp 56
police 300000 125000 exceeded-action police-dscp-trancemit
exit
exit
interface 0.6
service-policy input policy
mls qos cos 1
exit
interfce range fa0/19 - 24
mps qos trust dscp
mps qos cos 1
priority-queue out
exit



SW1
mls qos
ms qos srr-queue outout dscp-map queue 1 56
interface range fa019 - 24
mls qos trust dscp
mls qos cos 1
priority-queue out
exit



!!!K2のみ!!!
###4.4MHSRP###

SW3
int vlan 234
standby 1 ip 1.1.128.196
standby 1 preempt
standby 2 ip 1.1.128.222
standby 2 priority 105
standby 2 preempt
standby 2 track 10

rtr 10
type echo protocol ipicmpEcho 12.12.128.163

rtr schedule 10 start-time now
track 10 rtr/ipsla 10

SW4
int vlan 234
standby 1 ip 1.1.128.196
standby 1 priority 105
standby 1 preempt
standby 1 track 10
standby 2 ip 1.1.128.222
standby 2 preempt
rtr 10
type echo protocol ipicmpEcho 12.12.128.163
rtr schedule 10 start-time now


track 10 rtr/ipsla10
!!!K2のみ!!!




!!!5.1!!!


SW1
ip sla responder


SW2


SW2
mls qos
mos qos srr-queue output dscp-map queue 1 56
interface range fa0/19 - 24
mls qos trust dscp
mls qos cos
priority-queue out
int fa0/1
mls qos trust dscp
mps qos cos 1
priority-queue out
exit




!!!5.1 Ip Service Level Agreement!!!
SW1
ip spa responder

SW2
ip sa 1
tcp-connect yy.yy.7.7 23 source-ip yy.yy.8.
freuency 180
exit
ip sla 2
icmp-echo yy.yy.3.3 source-ip yy.yy.8.8
frquncy 180
exit
ip sla schedule 1 start-time now recuring
ip sla schedule 2 start-time now recuring


!!!5.2 SNMP !!!
R3
snmp-server communit public Ro
snmp-server community public ro
snmp community ciscoADMIN RW
snmp-server enable traps rsvp
snmp-server host yy.yy.128.336 public rsvp


SW2
snmp-server community public RO
snmp-server community ciscoADMIN RW
snmp-server user ciscoADMIN ciscoADMIN v1
snmp-server user ciscoADMIN ciscoADMIN v2c
snmp-server enable raps rtr
snmp-server host yy.yy.128.226 pubic rsvp



!!!5.2!!!
R3
snmp-server comunity public RO
snmp-server community ciscoADMIN RW
snmp-server enable trasps rsvp
enmp-server host yy.yy.128.226 public rsvp

SW2
snmp-server community public RO
snmp-server community public RO
snmp-server community ciscoADMIN RW
snmp-server user ciscoADMIN v1
snmp-server user ciscoADMIN v2c
snmp-server enable traps rtr
snmp-server host yy.yy.120.226 public rtr
ip sla reaction-configuration 1 react rtr threshold-type imediate action-type trapOnly
ip sla reaction-configuration 2 react rtr threshold imediate action-type traponly









###5.2snmp###K2のみ
snmp-server community public ro
snmp-server community ciscoADMIN rw
snmp-server enale traps rtr/ipsla
snmp-server hos yy.yy.128.226 public
ip sla monitor reaction-configration 1 react rtt threshold-value 40 2 0 threshold-type immediate action-type traponlyip


R3
snmo-server communitu public ro
snmo-server community ciscoADMIN rw
snmp-server host yy.yy.128.226 public
snmp-server enable traps osp cisco-specific state-change sham-link
snmp enable traps osp cisco-specific errors shamlink
snmp-server enable traps osp cisco-specific retransmit shamlink



R2
service timestamps debug datetime msec localtime

loggng count
logging buffered 100000 warnings
exception core-file rack12R2 compress
exception protocol ftp
exception dump 12.12.128.196
ip ftp username reload
ip fftp password cico
ip ftp passive
###5.2snmp###K2のみ




!!!5.3!!!
R2
logging on
servicetimestaumps log dateline msec localtime
service timestamps debug datetim msec localtime
logging count
logging buffered 100000 warnings
ip ftp username reload
ip ftp passwprd cisco
exception corefile RackyyR2 compress
exception protocol ftp
exception dump yy.yy.126.196

R4
extendded ip access-list copp_acl_atack
10 permit udp any any eq 1434
20 permit udp any any eq 1434 any
30 permit ip any any fragments
extended ip access-list copp_acl_bgp
10 permit tcp any eq bgp host 1.1.4.4
20 permit tcp any host 1.1.4.4 eq bgp=179

extended ip access-list copp_acl_ldp
10 permit tcp any host 1.1.4.4 eq 646
20 permit tcp any eq 646 host 1.1.4.4
30 permit udp any eq 646 host 224.0.0.2 eq 646
extended ip access-list copp_acl_mgmt
10 permit icmp any　any
20 permit pim any any
extended ip access-list copp ospf

!!!5.4!!!

R4
mls qos
class map match-all telnet id3
matchaccess-group name copp_acl_telnet
class-map match-all attack
match access-group name copp_acl_attack
clas map match-all mgmt
match access-group name copp_acl_mgmt
class-map match-any class-default
match any

class map match-any ldp_bgp_ospf_eigrp id 1
match access-group name copp_acl_ldp
match access-group name copp_acl_bgp
match access-group name copp_acl_ospf
match access-group name copp_acl_eigrp
class-map match-all l2arp
match protocol arp
policy map police
class attack
policerate 10 pps burst 2 packet
conform-action drop
exceed-action drop
class ldp_bgp_ospf_eigrp
class telnet
poolicerate 100 pps burst 24 packets
conform action transmit
exceeded action trancemit

134

!!!1.2 Trouble shoot Layer2Switching!!!
SW3-4
int fa0/24
no switchport access vlan 44
switchport trunk encapslation dot1q

SW1-SW4
vtp domain CCIERoutingandSwitching
vtp pass cico


SW2
int s0/0/0no
no switchport backup int fa0/0

R1
int s0/0
ip add yy.yy.15.249 255.255.255.255
no peer neighbor-route

R3
int bs0/1ip add yy.yy.15.245 255.255.255.252
no peer neighbor route

R5
int s0/0
ip add yy.yy.15.250 255.255.255.252
no peer neighbor route

int s0/1
ip add yy.yy.15.246 255.255.255.252
no peer-neighbor route




!!!Implement the access-switch ports of switched network!!!

SW1
spanning-tree vlan 1-4094 priority 0
int fa0/3
switchport mode access
switchport access vlan 3
int fa0/4
switchport mode access
switchport access vlan 44
int fa0/5
switchport mode access
switchport access vlan 15
int fa0/10
switchport mode access
switchport access vlan 15

int vlan 11
ip add yy.yy.15.162 255.255.255.224
no shut
int vlan 13
ip add yy.yy.12.194 255.255.255.224
no shut


SW2
int fa0/1
switchport mode access
switchport access vlan 11

int fa0/3
switchport mode access
switchport access vlan 13

int fa0/4
switchport mode access
switchport access vlan 24

int fa0/5
switchport mode access
switchport access vlan 45

int fa0/10
switchport mode access
switchport access vlan 2
spanning-tree guard root

int vlan 22
ip add yy.yy.16.139 255.255.255.224
no shut

int vlan 2
ip add 150.2.yy.1 255.255.255.0
no shut



SW3
int fa0/10
switchport mode access
switchport access vlan 2
spanning-tree guard root



SW4
int vlan 44
ip add yy.yy.15.66 255.255.255.224
no shut
int vlan 45
ip add yy.yy.15.98 255.255.255.224
no shut


SW2
int fa0/2
switchport trunk encapslation dot1q
switchport mode trunk
switchport nonegotiate
switchport trunk allowed vlan 22,24



R2
int fa0/1
no ip add
no shut
int fa 0/1.22
encapslation dot1q 22
ip add yy.yy.15.129 255.255.255.224
int fa0/1.24
encapslation do1q 24
ip add yy.yy.15.34 255.255.255.224


SW1
spanning-tree portfast default
spaning-tree portfast bpdufilter default


SW2
spanning-tree portfast default
spannig-tree bpdufilter default

SW3
spanning-tree portfast default
spanning-tree portfast bpdufilter default


SW4
spanning-tree portfast default
spanning-tree portfast bpdufilter deault



!!!Implement frame relay!!!
R4
frame-switching
int s0/0
encapslation frame-relay ietf
frame-relay intf-ty dce
clockrate 64000
frame-relay ansi
frame-relay route 100 interface serial 0/1 200
no ip add
no shut
exit
int s0/1
encapslation frame-relay ietf
clockrate 64000
frame-relay lmi-ty ansi
frame-relay route 200 interface s 0/0 100
no ip add
end

int s0/0
encapslatino frame-relay ietf
no frame-relay inverse-arp
no arp frame-relay
no ip add
no shut
exit
int s0/0.100 point-to-point
ip add yy.yy.15.242 255.255.255.252
no shut
fram-relay interface-dlci 100 ietf
end


int s0/0
encapslation frame-relay ietf
no frame-relay inverse-arp
no arp frame-relay
no i add
no shut
exi
int s0/0.200 point-to-point
ip add yy.yy.15.241 255.255.255.252
no shu
frame-relay interface-dlci 200 ietf
end





!!!Traffic control protection from the backones!!

SW1
int fa0/10
storm-control broadcast level 50

SW2
interface fa0/10
storm-control broadcast level 50


SW3
interface fa0/10
storm-control broadcast lebel 50


R1
interface fa0/1
ip add yy.yy.15.162 255.255.255.224
no shut
exit

int s0/1
bandwidth 128
encapslation ppp
no peer neighbor-route
ip adde yy.yy..15.249 255.255.255.252
no shut
end



R3
int fa0/1
ip add yy.yy.15.193 255.255.255.224
no shut
exit

int fa0/0
ip add 150.3.yy.1 255.255.255.0
no shut
int s0/0
ncapslation ppp
no peer neighbor-route
ip add yy.yy.15.245 255.255.255.252
no shut
end


R4
int fa0/1
ip add yy.yy.15.33 255.255.255.224
no shut
exit


R5
int fa0/1
ip add yy.yy.15.97 255.255.255.224
no shut
exit
int fa0/0
ip add 150.1.yy.1 255.255.255.0
no shut
exit
int s0/0
bandwidth 128
encapslation ppp
no peer-neighbor route
ip add yy.yy.15.250 255.255.255.252
no shut
exit
int s0/1
encapslation ppp
no peer neighbor-route
ip add yy.yy.15.246 255.255.255.252
no shut
end








!!!K3のみ!!!
・As per the VLAN tables configure VLANs for the access switch ports
・Also include the ports to BB1, BB2 and BB3
・Trunk between SW2-fa0/2 and R2-FA0/1 should be configured
・In the access switch port avoid transmitting BPDUs, when BPDU is received in any of these ports, the port should transmit back to the listening, learning and forwarding process.
・In the routers including trunk configuration should add any special layer2 commands which are required
・For these access switch ports, by passing the listening and learning states, the spanning tree enters the forwarding state immediately and ensure this.
!!!!!!!!!!!!!Solution!!!!!!!!!!!!!!!!!!!:
SW1:
Interface fa0/3
Swi acc vlan 5
Swi mode acc
!
Int fa0/4
Swi acc vlan 46
Swi mode acc
!
Int fa0/5
Swi acc vlan 17
!
Int fa0/10
Swi acc vlan 17
!
Int vlan 13
Ip add YY.YY.13.157 255.255.255.224
No shut
!
Int vlan 15
Ip add YY.YY.13.189 255.255.255.224
No shut

SW4 and SW4
Spanning-tree portfast default
Spanning-tree portfast bpdugurard default
Errdisable recovery cause bpduguard
Errdisable recovery interval 300
Note** The default timeout interval is 300 seconds and , by default the timeout is disabled.

SW2
Int fa0/1
Swi acc vlan 13
Swi mode acc
!
Int fa0/2
Swi tru encap dot1q
Swi tru all vlan 22,24
Swi mode trunk
!
Int fa0/3
Swi acc vlan 15
Swi mode acc
!
Int fa0/4
Swi acc vlan 26
Swi mod acc
!
Int  fa0/5
Swi acc vlan 47
Swi mode acc
!
Int fa0/10
Swi acc vlan 4
Swi mode acc
!
Int vlan 4
Ip add 150.2.YY.1 255.255.255.0
!
Int vlan 24
Ip add YY.YY.13.125 255.255.255.224
No shut

SW3
Int fa0/10
Swi acc vlan 5
Swi mode acc

SW4
Int vlan 46
Ip add YY.YY.13.61 255.255.255.224
No shut
!
Int vlan 47
Ip add YY.YY.13.93 255.255.255.224
No shut

R2
Int fa0/1
No shut
!
Int fa0/1.24
Encap dot1q 24
Ip add YY.YY.13.124 255.255.255.224
!
Int fa0/1.26
Encap dot1q 26
Ip add YY.YY.13.29 255.255.255.224

R3
Int fa0/0
Ip add 150.3.YY.1 255.255.255.0
No shut

R5
Int fa0/0
Ip add 150.1.YY.1 255.255.2555..0
No shut

2.4 Frame Relay Configuration
Consider the points to configure R1 and R2 for frame relay and R4 as the frame realy switch, use auto-sensing on R1 & R2 and ANSI LMI on Frame Relay switch, avoid any static inverse ARP frame-relay maps. For encapsulation use RFC1490/RFC2427 (IETF Encapsulation)

    Frame Relay DLCI details
・R1 Frame Relay interface 101
・R2 Frame Relay interface 201
!!!!!!!!!!!!!Solution!!!!!!!!!!!!!!!!!!!:
R1
Interface s0/0/0
Encap frame-relay ietf
No frame-relay inverse-arp
No shut
Ip add YY.YY.13.127 255.255.255.252
Frame-relay map ip YY.YY.13.236 100 broadcast
Frame-relay map ip YY.YY.15.242 100
Clockrate 256000
No shut
!
Int s0/0/0/101
Point-to-point
Ip address YY.YY.13.237 255.255.255.252
!
R2
Int s0/0/0
Encap frame-relay ietf
No frame-relay inverse-arp
No shut
!
Interface serial 0/0/0/201
Point-to-point
Ip add YY.YY.13.236 255.255.255.252

R4
Frame-relay switching
!
Interface s0/0/0
Encap frame-relay
Clock-rate 256000
Frame-relay lmi-type ansi
Frame-relay intf-type dce
Frame-relay router 101
Interface serial 0/1/0 201
No shut
!
Int s0/0/1
Encap frame-relay
Clock rate 256000
Frame-relay lmi-type ansi
Frame-relay intf-type dce
Frame-relay route 201
Interface serial0/0/0 101
No shut
!!!K3のみ!!!














!!!trunking manipulations!!!
K1 3,11,13,15,44,45
K3 5,13,15,46,47



SW1
vlan dot1q tag native
interface fa0/19 - 24
switchport mode trunk
switchport nonegotiate
switchport allowed vlan 2,3,11,13,15,22,24,44,45

SW2
vlan dot1q tag native
interface fa0/19 - 24
switchport mode trunk
switchport nonegotiate
switchport allowed vlan 2,3,11,13,15,22,24,44,45


SW3
vlan dot1q tag native
interface fa0/19 - 24
switchport mode trunk
switchport nonegotiate
switchport allowed vlan 2,3,11,13,15,22,24,44,45



SW4
vlan dot1q tag native
interface fa0/19 - 24
switchport mode trunk
switchport nonegotiate
switchport allowed vlan
2,3,11,13,15,22,24,44,45


!!!2.1Implement ipv4 ospf!!!
R1
router ospf yy
net yy.yy.1.1 0.0.0.0 area 0
net yy.yy.15.242 0.0.0.0 arez 2
net yy.yy.15.161 0.0.0.0 area 0


R2
router ospf yy
net yy.yy.2.2 0.0.0.0 area 0
net yy.yy.15.242 0.0.0.0 area 2
net yy.yy.15.161 0.0.0.0 area 0

R3
router ospf yy
net yy.yy.3.3 0.0.0.0 area 2
net yy.yy.15.193 0.0.0.0 area 0

SW1
ip routing
router ospf yy
net yy.yy.7.7 0.0.0.0 area 0
net yy.yy.15.194 0.0.0.0 area 0
net yy.yy.7.7 0.0.0.0 area 0


SW2
ip routing
router ospf yy
net yy.yy.15.130 0.0.0.0 area 2
net yy.yy.8.8 0.0.0.0 area 2


R1
router ospf yy
area 2 nssa default information originate

R2

router ospf yy
area 2 nssa

SW2
router ospf yy
area 2 nssa


R1
interfce s0/0.100 point-to-point
ip ospf network broadcast
ip ospf dead-interval minimal hello-multipiler 20


R2
interfce s0/0.200 point-to-point
ip ospf network broadcast
ip ospf dead-interval minimal hello-multipiler 20
※K1とK3はhello-multipiler 5




!!!2.2Implement ipv4 eigrp!!!
※K1,K3はauto summary→no auto summary

R1
router eigrp yy
auto-summary
network yy.yy.15.249 0.0.0.0

R3
router eigrp yy
auto-summary
net yy.yy.15.245 0.0.0.0


R5
router eigrp yy
auto-summary
network yy.yy.5.5 0.0.0.0
network yy.yy.15.97 0.0.0.0
net yy.yy.15.246 0.0.0.0
net yy.yy.15.250 0.0.0.0

SW4
ip routing
router eigrp yy
net yy.yy.10.10 0.0.0.0
net yy.yy.15.98 0.0.0.0


R3
router ospf yy
redistribute eigrp 100 subnets
※K3K1ではmetric-ty 1 追加

R3
router eigrp 100
auto-summary
net 150.3.yy.1 0.0.0.0

R3
router eigrp yy
redistribute eigrp 100 metric 10000 100 255 1 1500

int s0/0
ip summary-address eigrp yy 198.2.0.0 255.255.248.0

R1
※K3以下追加
permit ip host 198.2.2.0 host 255.255.255.0
permit ip host 198.2.2.0 host 255.255.255.0

ip access-list standard
permit ip host 4.1.1.0 host 255.255.255.0
permit ip host 128.28.2.0 host 255.255.255.0
pormit ip host 198.1.1.4 host 255.255.255.252
permit ip host 198.2.1.0 host 255.255.255.0
permit ip host 198.2.3.0 host 255.255.255.0
permit ip host 198.2.5.0 host 255.255.255.0
permit ip host 198.2.0.0 host 255.255.255.0
permit ip host 1503.yy.0 host 255.255.255.9
route-map filter deny 10
match ip add 100
filter permit 20

router ospf yy
redistribute eigrp yy subnets route-map rilter
※K1K3ではmetric-ty 1追加
router eigrp yy
redistribute eigrp yy subnets route-map filter
router eigrp y
redistribute ospf yy metric 10000 100 255 1 1500 route-map filter


!!!2.3 Implement Rip Version 2!!!
※K1,K3はauto summary→no auto summary

R2
router rip
ver 2
auto-summary
passve-interface default
nrighbor yy.yy.15.33
netwok yy.0.0.0
exit

int fa0/1.24
ip rip receive ver 2
auto-summary
passive-interface default
neighbor y.yy.15.34
neighbor yy.yy.15.66
network yy.0.0.0
exit

int fa 0/0
ip rip receive ver 2
int fa0/1
ip rip rceive ver 2


SW4
router rip
ver
auto-sunary
passive interface default
nei yy.yy.5.5
net yy.0.0.0
exit

int vlan 44
ip recerive ver 2


R2
router osp yy
redistribute rip subnets
router rip
redistibute ospf yy metric
↑
※※※※※※※K1とK3※※※※※※※
Router rip
Redistribute ospf 11 metric 3 route-map filter
Ip prefix-list nssa per 0.0.0.0/0
Route-map filter deny 10
Match ip add filter nssa
Route-map filter per 20
Access-list 10 deny 11.11.2.2
Access-list 10 permit any
※※※※※※※K1とK3※※※※※※※




SW4
router rip redisriute eigrp yy metirc 2
router eigrp yy
redistribute metric 10000 100 255 1 1500
↑
※※※※※※※K1とK3※※※※※※※
Router eigrp 11
Redistribute rip metric 10000 100 255 1 1500 route-map perrip
Ip prefix-list rip per 11.11.2.2/32
Ip prefix-list rip per 11.11.4.4/32
Ip prefix-list rip per 11.11.15.32/27
Ip prefix-list rip per 11.11.15.64/27
Route-map perrip permit 10
Match ip add prefix rip
※※※※※※※K1とK3※※※※※※※




R2
router ospf yy
distanve 125 yy.yy.1.1 0.0.0.0 1
exit
access-list 1 permit yy.yy.4.4
access-list 1 permit yy.yy.10.10
access-list 1 permit yy.yy.15.64

router rip
offset-list 2 out 3 fa 0/1.24
access-list 2 deny yy.yy.2.2
access-list 2 permit any




SW4
router rip
distance 175 yy.yy.15.65 0.0.0.0 1
access-list 1 deny yy.yy.2.2
access-list 1 deny yy.yy.4.4
access-list 1 deny yy.yy.15.32
access-list 1 permit any
※※※※※※※K4のみ※※※※※※※
access-list 2 deny 0.0.0.0
access-list 2 router rip
desstribute-list 2 in vlan 44
※※※※※※※K4のみ※※※※※※※


SW4
※※※※※※※K4のみ※※※※※※※
router eigrp 30
redistribute rip metric 10000 100 255 1 1500 deny_default
accss-list 1 per 0.0.0.0
route-map deny_default deny 10
match ip add 1
route-map deny_default per 20
※※※※※※※K4のみ※※※※※※※



R2
※※※※※※※K4のみ※※※※※※※
router rip
distribute-list 1 in fastethernet0/1.24
access-list 11 deny 150.1.0.0
access-list 11 deny 150.3.0.0
access-list 11 deny 1.0.0.0
access-list 11 deny 128..28.0.0
access-list 11 deny 198.1.1.0
access-list 150.2.0.0
access-list 11 permit any
※※※※※※※K4のみ※※※※※※※



!!!2.4 Implement IPV6!!!
R4
ipv6 unicast-routing
interface fa0/1
ipv6 adress fci1:db8:749::/64 eui-64

R2
ipv6 unicast-routing
int fa0/1.24
ipv6 address fc01:db8:74:9::/64eui-64
intereface s0/0.12
ipv6 add fc01:db8:74:a::/64eui-64

R1
ipv6 unicast-routing
interface serial0/0.12
ipv6 address fc01:db8:74:a::/64 eui-64
interace fa0/1
ipv6 address fc01:db8:74:b::/64eui-64


SW1
sdm prefer dual-ipv4-and-aipv6 routing
ipv6 unicast-routing
interface vlan 11
ipv6 address fc01:db8:74:b::/64 eui-64




R4
ipv6 router ospf yy
router-id yy.yy.4.4
interface fa0/1
ipv6 ospf yy area 0


R2
ipv6 router ospf yy
router-id yy.yy.2.2
interface fa0/1.24
ipv6 ospf yy area 0
interface s 0/012
ipv6 opsf yy area 1


R1
ipv6 router ospf yy
route-id yy.yy.1.1
interfae s0/0.12
ipv6 ospf yy area 1
interface fa0/1
ipv6 ospf yy ara 1

SW1
ipv6 router ospf yy
router-id yy.yy.7.7
interface vlan 11
ipv6 ospf yy area 1


!!!Implement IPV4 BGP!!!
R1
router bgp yy1
bgp router-id yy.yy.1.1
bgp confederation identifer yy
bgp confederation peers yy2
neighbor ibgp peer-group
neighbor ibgp remote-ad yy1
neighbor ibgp update-source lo 0
neighbor yy.yy.3.3 peer-group ibgp
neighbor yy.yy.5.5 peer-group ibgp
neighbor yy.yy.10.10 peer-group ibgp
neighbor yy.yy.2.2 remote-as yy2
neighbor yy.yy.2.2 ebgp multihop 255
neighbor yy.yy.2.2 update-source lo 0




R3
router bgp yy1
bgp router-id yy.yy.3.3
bgpconederation identifer yy
neighbor bgp peer-group
neighbor ibgp remote-as yy1
neighbor ibgp update-source lo 0
neighbor yy.yy.1.1 peer-group ibgp
neighbor yy.yy.5.5 peer-group ibgp
neighbor yy.yy.10.10 peer-group ibgp



R5
router bgp yy
bgp brouter-id yy.yy.5.5
bgp confederation identifer yy
neighbor ibgp peer-group
neighbor ibgp remote-as yy1
neighbor ibgp update-source lo 0
neighro yy.yy.1.1 peer-group ibgp
neighbor yy.yy.3.3 peer-group ibgp
neighbor yy.yy.10.10 peer-group ibgp
neighbor 150.1.yy.254 remote-as 254
access-list 1 permit 197.68.20.0 0.0.3.255
route-map local-pre permit 10
match p add 1
set local pre 200
exit
roue-map local-pre permi 20


SW4
router bgp yy1
bgp router-id yy.yy.10.10
bgp confederation ientifer yy
bgp confederaton peer yy2
neighbor ibgp peer-group
neighbor ibgp remote-as yy1
neirhbor ibgp upatesource lo 0
neighbor yy.yy.3.3 peer-group ibgp
neighbor yy.yy.1.1 peer-group ibgp
neighbor yy.yy.5.5 peer-group ibgp
neighbor yy.yy.2.2 remote-as yy2
neighbor yy.yy.2.2 egp multihop 255
neighbor yy.yy.2.2 update-source lo 0



R2
rouer bgp yy2
bgp router-id yy.yy.2.2
bgp confederatino identifer yy
bgp confederaton peersyy1
neighbor yy.yy.2.2 remote-as yy1
neighbor yy.yy.2.2 update source lo 0



R2
router bgp yy2
bgp confederation identifer yy
bgp confederation peers yy2
neighbor ibgp peer-group
neighbor ibgp remote-as  yy1
neir ibgp upteda-source lo 0
neirhbor yy.yy.1.1 peer-g ibgp
nei yy.yy.3.3 peer-g ibgp
nei yy.yy.5.5 peer-g ibgp
nei yy.yy.2.2 remote-as yy2
nei yy.yy.2.2 udate-sourc lo0


R2
router bgp 2
bgp router-id yy.yy.2.2
bgp confederation identifer yy
bgp onfederation peers yy1
neighbor yy.yy.1.1 remote-as yy1
neighbor yy.yy.1.1 ebgp multihop 255
neighbor yy.yy.1.1 upate-sourve lo 0
neirhbor yy.yy.10.10 remote-as yy1
neighbor yy.yy.10.10 ebgp-multihop 255
neighbor yy.yy.10.10 update-source lo 0
neighbor yy.yy.8.8 remote-as yy2
neighboryy.yy.8.8 update-source lo 0


SW2
router bgp yy2
bgp router-id yy.yy.8.8
bgp confederatin identifer yy
neighbor yy.yy.2.2 remote-as yy2
neirhbor yy.yy.2.2 update-source lo 0
nei 150.2.yy.254 remote-as 254



R5
route-map conbb1 permit 10
match interfce fa0/;0
exit

router eigrp yy
redisribute connected routemap connbb1 metric 10000 100 255 1 1500

routepmap connbb2 permi 10
match interface vlan 2
exit
router ospf y
redistribute connected subnets route-map connbb2




R3
acces-list 1 permit 150.1.yy.0
accss-list 1 permit 150.2.yy.0
router ospf yy
distance 175 yy.yy.1.1 0.0.0.0 1









※※※※※※※K1とK3※※※※※※※
3.5 Implement IPV4 BGP
Refer to the BGP routing diagram, configure BGP with these parameters:
Configure two confederations R1, R3, R5 and SW4 (ASYY1) and R2 and SW2 (ASYY2)
The confederation peers should neighbor between R1 and R2 and between SW4 and R2

EBGP: SW2EBGP peer with the router 150.2.YY.254 on backbone 2 in AS 254. This router advertise five routes with format 197.68.x.0/24 and AS patch 254
EBGP:R5 EBGP peer with the router 150.2.YY.254 on backbone 1 in AS 254, This router advertise five routes with format 197.68.x.0/24 and AS patch 253

The BGP devices should all prefer the path through R5 (150.1.YY.254) for network 197.68.21.0/24 and 197.68.22.0/24. The (IBGP) devices should all prefer the path through SW2 (150.2.Yy.254) for network 197.68.1.0/24 and 197.68.5.0/24. This manipulations should be accomplished only on one router using route-maps that refer to a single access-list
Configure only the loopback0 ip addres to propagate BGP route information

!!!!!!!!!!!!!Solution!!!!!!!!!!!!!!!!!!!:
R1
Router bgp 111
Bgp router-id 11.11.1.1
Bgp log-neighbor-changes
Bgp confederation identifier 11
Bgp confederation peers 112
Neighbor 11.11..2.2 remote-as 112
Neighbor 11.11.2.2 update-source Lo0
Neighbor 11.11.11.11 remote-as 52
Neighbor 11.11.1.1 ebgp multihop 255
Neighbor 11.11.11.11 remote-as 111
Neighbor 11.11.11.11 update-source Lo0
No auto-summary
R3
Router bgp 11
No synchronization
Bgp router-id 11.11.3.3
Neighbor 11.11.1.1 remote-as 111
Neighbor 11.11.1.1 update-source Lo0
No auto-summary

SW4
Router bgp 11
Bgp confederation peers 112
Bgp confederation identifier 11
Bgp router-id 11.11.10.10
Neighbor 11.11.2.2 remote-as 112
Neighbor 111.11.2.2 ebgp multihop 10
Neighbor 11.11.11.11 update-source Lo0
No auto-summary

R5:
Router bgp 11
No synch
Bgp router-id 11.11.11.11
Bgp log-neighbor-changes
Bgp confederation identifier 11
Neighbor ibgp peer-group
Neighbor ibgp remote-as 111
Neighbor ibgp loopback0
Neighbor as 52 route-reflector-client
Neighbor as 52 next-hop-self
Neighbor 11.11.1.1 peer-group ibgp
Neighbor 11.11.3.3 peer-group ibgp
Neighbor 11.11.10.10. peer-group ibgp
Neighbor 150.111.254 remote-as ibgp
Neighbor 150.1.11.254 route-map loc in
No auto-summary

Ip access-list extra 127
Access-list 5 permit 197.68.21.0 0.0.0.255
Access-list 5 permit 197.68.22.0 0.0.0.255

Route-map loc permit 10
Match ip address 127
Set local-preference 200

SW2:
Router bfp 112
No sync
Bgp router-id 11.11.8.8
Bgp confederation identifier 11
Neighbor 11.11.2.2 remote-as 112
Neighbor 11.11.2.2 update-source loopback0
Neighbor 11.11.2.2 next-hop-self
Neighbor 150.2.5.254 remote-as 254
No auto-summary

R2
Router bgp 112
No sync
Bgp router-id 11.11.2.2
Bgp log-neighbor-changes
Bgp confederation identifier 11
Bgp confederation peers 111
Neighbor ebgp peer-group
Neighbor ebgp remote-as 111
Neighbor ebgp update source Lo0
Neighbor 11.11.2.2 ebgp-multihop 10
Neighbor 11.11.10.10 peer-group ebgp
Neighbor 11.11.8.8 remote-as 112
Neighbor ebgp update-source Lo0


※※※※※※※K1とK3※※※※※※※








!!!Implement PIM sparse mode for IPV6!!!
R4
ipv6 cef
ipv6 multicast-routing
R2
ipv6 cef
ipv6 multicast-routing

R1
ipv6 cef
ipv6 multicast-routing



R4
ipv6 access-list mul
permit ipv6host ff08::4000:4000 au
ipv6 pom rp-adress FC01:DB8:74:9:C203:4FF:FEC0:1 mul


R2
ipv6 access-list mul
permit ipv6 host ff08::4000 4000 any
ipv6 pim rp-adress FC01:DB8:74:9:C203:4FF:FEC0:1 mul

R1
ipv6 access-list mul
permit ipv6 host ff08::4000:400 any
ipv6 pim rp-address FC01:DB8:74:9:c203:4FF:FC01:1 mul



!!!3.2 Muticast joins!!!
R2
interface s0/1.12
ipv6 mld join-group FF08::4000:4000

or

R1
interface s0/0/0.12
ipv6 mld join-group f08:4000:4000


!!!4.1 secure Http Access!!!
R5
aaa new-model
aaa authenticatin login default line none
aaa authentication hoginn HTTP local0case
aaa authorization exec HTTP local
no ip http server
ip hrrp secure-server
ip http authtentication aaa login-authtentication HTTP
ip http authenticaton aaa exec-authorization HTTP
username cisco prviledge 1 password cisco
username ADMIN priviledge 15 password CISCO



!!!4.2 secure the wan ppp links!!!

R5
aaa authtnetication ppp R1 group radius local0case
aaa authtentication ppp R3 group tacacs+ local-case
radius-server host 198.2.5.128 key cisco
username RACKYYR1 password cisco
username BACKUP password CISCO
int s0/0
ppp authentication chap R1
interface s0/1
ppp authentication chap R3


R1
interface s0/1
ppp chap hostname RACKYYR1
ppp chap pasword cisco


R3
int s0/0
ppp chap hostname BACKUP
ppp chap password CISCO




!!!4.3MQC-Based Frame-relay traffic shaping!!!

R2
class-map voip
match ip dscp ef

class-map match-any data
match ip dscp af11
match ip dscp af21

policy-map cisco
class-voip
priority percent 40
exit
class data bandwidth percent 35
policy-map mqc
class class-default
fair-queue
shape average 64000
shape adaptive 32000

service-policy cisco
map-class frame-relay FRTS
srvice-policy putput mqc

interface srial 0/0.200
frame-relay inteface-dlci 200
class FRTS



!!!4.4 AutoQOS over PPP!!!
R1
interface s0/1
auto discovery qos trust
auto qos voip trust


R5
interface s0/0
auto discovery qos trust
auto qos voip trust


R1R5
interface
multilink xxxx
no peer neighbor-rotue






!!!4.5 First Hop Redundancy!!!
※（）はK4のみ

R2
interface fa0/1.24
glbp 1 yy.yy.15.36
glbp 1 preempt
（gpbp 1 weighting 100 lower 95）
gbp1 authentication md5 key-string cisco


R4
int fa0/1
glbp 1 yy.yy.15.35
glbp 1 preemt
glbp 1 priority 105
（glbp 1 weighting 100 lower 95）
glbp 1 authentication MD5 key-string cisco
（glbp 1 weighting track 10 decrement 20）
（track 10 ip route 0.0.0.0 reachability ）

!!!4.6 Poled and broadcast NTP!!!
R4
clock set 8:00 1 jan 2000
clock time-zone HK +8
ntp master 3
ntp source lo 0
ntp update-calender
interface fa0/1
ntp broadcast

R2
clock timezone HK+8
ntp server yy.yy.4.4
ntp update-calender
interface fa0/1.24
ntp broadcast client

R3
clock timezone HK +8
ntp server yy.yy.4.4
ntp update-calender


!!!4.7 Syslog!!!
R3 logging on
logging trap critical
logging facility local 6
logging host 150.3.yy.10
logging source-interface lo 0



!!!5.1 netflow data export !!!
R4
ip flow-export version 9
ip flow-export source lo 0
ip flow-export destination 198.2.5.10 9991
ip multicast netflow rpf-failure
ip multicast netflow output-counters
interace fa0/1
ip flow ingres
ip flow egress


!!!5.2 Embedded event manager monitor of cpu!!!
R3
event manager appler CPU
event snmp oid 1.3.6.1.4.1.9.9.109.1.1.1.8 get-type exact entry-op ge
entry-val 60 poll-interval 60
action 1.0 cli command enable
acrion 2.0 tcl flash:eem.tcl
action 3.0 mail server 198.2.5.10 to enngineer@cisco.com from "EEM@cisco.com"subjct"CPUAlert5min"body"$_cli_result"
tclsh
puts[open"flash:eem.tcl"w+]{
set cpu[exec"show processes cpu sorted 5min"]
set cpu_ooutput[split $cpu"n"]
sen n 0
while [$n,13][
puts[index$cpu_output$n]
incr n}
exit

!!!5.3 Tftp server!!!

R3
access-list 4 permit yy.yy.4.4
access-list 4 permit yy.yy.15.33
access-list 4 permit yy.yy.15.65
tftp-server flash:test4

けぇご

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
K5
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

!!!2.1 Implement the Access-switch ports of Switched Network!!!

SW1
spanning-tree mod rapod-pvst
int vlan 10
ip add yy.yy.28.2 255.255.255.224

int vlan 41
ip add yy.yy.128.65 255.255.255.224

int vlan 140
ip add yy.yy.234.33 255.255.255.224

int vlan 234
ip add yy.yy.234.1 255.255.255.224


SW2
spanning-tree mode rapid-pvst
int vlan 42
ip add yy.yy.128.98 255.255.255.224

int vlan 52
ip add yy.yy.128.193 255.255.255.224

int vlan 230
ip add yy.yy.234.65 255.255.255.0

int vlan 234
ip add yy.yy.234.2 255.255.255.224

int fa0/5
switchport trunk encapslation dot1q
switchport trunk allowedvlan 52,53
switchport mode trunk

SW3
spanning-tree mode rapid-pvst
int vlan 23
ip add yy.yy.128.161 255.255.255.224

int vlan 53
ip adde yy.yy.128.226 255.255.255.224

int vlan 230
ip add yy.yy.234.66 255.255.255.224

int vlan 340
ip add yy.yy.234.98 255.255.255.224
int fa0/8
spanning-tree bpduguad enable
errdisable recovery interval 90




SW4
spanning-tree mode rapid-pvst

int vlan 20
ip add yy.yy.128.129 255.255.255.224

int vlan 30
ip add yy.yy.128.34 255.255.255.224

int vlan 140
ip add yy.yy.234.34 255.255.255.224

int vlan 234
ip dd yyy.yy.234.4 255.255.255.224

int vlan 340
ip add  yy.yy.234.97 255.255.255.224


!!!1.3 ImplementFrame-Relay!!!
R1
int s0/1/0
encapslation frame-relay
no frame-reay inverse-arp
int s0/1/0.231 point-to-point
ip unnumbered lo 0
frame-relay interface-dlci 231

R3
int s0/0/0
encapslation frame-relay
no frame-reay inverse arp

int s0/0/0.223 point-to-point
ip unnumberded lo 0
frame-relay inteface-dlci 233







R5
frame-relay switching
int s0/0/0
no ip add
encapslation frame-relay
no frame-relay inberse arp
clock rate 128000
frame-relay lmi-ty cisco
frame-relay intf ty dce
frame-relay route 23
interface s0/1/0 233
int s0/1/0
no ip add
encapslation frame-relay
no frame-relay intf-ty dce
frame-route 233 interface s0/0/0 231

!!!1.4 Switching!!!
SW1
int range fa0/19 - 20
switchport trunk encapslation dot1q
switchort mode trunk
cannel-groupyy mode on
int range fa0/21 - 22
switchport trunk encapslation dot1q
switchport mode trunk

spanning-tree vlan 1 10 riority 0
spanning-tree vlan 20,30 priority 61440



SW2
int range fa019 - 20
switchport trunk enapslation dot1q
switchport mode trunk
channel-group yy mode on
int fa9/21 - 22
switchport trunk encapslation dot1q
switchport mode trunk

int range fa0/23 - 24
shutdown



SW3
int range fa0/19 - 20
switchport trunk encaslation dot1q
switchport mode trunk
channel-group yy mode on
int range fa0/21 - 22
switchport trunk encapslation dot1q
switchport mode trunk

int range fa0/23 - 24
shutdown


SW4
int range fa0/19 - 20
switchport trunk encapslation dot1q
switchport mode trunk
channel-group yy mode on


int range fa0/21-22
switchporttrunk encapslation do1a
switchport mode trunk

int range fa0/23 -24
switchport trunk encapslation dot1q
switchport mode trunk


!!!1.5 Switch port security!!!
SW3
int fa0/10
switchport port-security maximum 3
switchport port-security mac-address 0000.1234.1111
switchport port-security mac-address 0000.abcd.1111
switchport port-security aging type inactivity
switchport port-security aging time 5
switchport port-security

SW2
int fa0/15
mac access-group e6000 in
mac access-list extended e 6000
deny any any etype-6000
deny any any etype-6000
permit any any

SW1
ip routing
router ospf 1
yy.yy.7.7 0.0.0.0 area 0
network yy.yy.234.1 0.0.0.0 area 1
network yy.yy.234.33 0.0.0.0 area 0

int vlan 140
ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 cisco
interface vlan 234
ip osp priority 0


SW2
ip routing
router ospf 1
network yy.yy.8.80.0.0 area 23
network yy.yy.234.2 0.0.0.0 area 1
network yy.yy.234.65 0.0.0.0 area 23
interface vlan 234
ip ospf priority 0


SW3
ip routing
router ospf 1
area 1 virtual-link yy.yy.10.10 authentication message-digest
area 1 virtual-link yy.yy.10.10 message-digest-key 1 md5 cisco
network yy.yy.9.9 0.0.0.0 area 1
network yy.yy,234.3 0.0.0.0 area 1
network yy.yy.234.66 0.0.00 area 23
network yy.yy.128.161 area 1
netwotk yy.yy.234.3 0.0.0.0 area 1
network yy.yy.128.161 0.0.0.0 area 1
network yy.yy.234.98 0.0.0.0 area 1

int vlan 234
ip ospf priority 0



SW4
ip routering
area 1 virtual-ink yy.yy.9.9 authenticatino message-digest
message-digest-key 1 md5 cisco
network yy.yy.10.10  0.0.0.0 area 1
network yy.yy.234.4 0.0.0.0 area 1
netwotk yy.yy.234.34 0.0.0.0 area 0
netwotk yy.yy.128.129 0.0.0.0 area 1
network yy.yy.234.97 0.0.0.0 area 1

int vlan 234

int vlan 140
iip ospf authentication message-digest
ip ospf message-digest-key 1 md5 cisco




R2
router ospf 1
netwotk yy.yy.2.2 0.0.0.0 area 1
netwotk yy.yy.128.130 0.0.0.0 area 1
network yy.yy.128.162 0.0.0.0 area 1


R4
rotuer rip
version 22
passive-interface default
neighbor yy.yy.12865
neighbor yy.yy.128.98
netwotk yy.0.0.0
no auto-summary
redistribute eigrp yy metric 5


int s0/0/0
ip access-group FROM BB1 in
ip acces-list standard FRO_BB1
deny 199.17.2.0 0.0.255.255
permit any
access-list 10 deny 199.172.0.0 0.0.255.255
router eigrp y
no auto-summary
redistribute rip metric 1544 200 255 1 1500



SW1
router rip
version 2
passive-interface default
neighbor yy.yy.128.66
network yy.yy.0.0
no auto-summary
redistribute ospf 1 metric 3
router ospf 1
redistribute rip subnts


SW2
router rip version 2
passive0interface default
neighbor yy.yy.128.99
netwotk yy.0.00
no auto0summary
redsitribute ospf 1 metric 3

router ospf 1
redistribute rip subnets





!!!implement IPV4 EIGRP!!!
R1
router eigrp yy
no auto0summar
network yy.yy.1.1 0.0.0.0
netwotk yy.yy.14.1 0.0.0.0
network yy.yy.128.1 0.0.0.0
netwotk 150.1.yy.1 0.0.0.0


R2
access-list 5 permit yy.yy.128.0 0.0.0.3
router eigrp yy
no auto0summary
netwotk yy.yy.23.2 0.0.0.0
refistribute ospf metric 1544 2000 255 1 500
distance 125 yy.yy.23.1 0.0.0.5

router ospf 1
redistribute eigrp yy subnets

interface s0/1/0
ip summary eigrp yy 198.2.0.0 255.255.248.0


R3
router eigrp yy
no auto-summary
netwotk yy.yy.3.3 0.0.0.0
netwotk yy.yy.23.1 0.0.0.0
netwotk 150.2.yy.1 0.0.0.0
network yy.yy.128.33 0.0.0.0


R4
access-list 5 permit yy.yy.128.32 0.0.0.31
router eigrpp yy
no auto-summary
netwotk yy.yy.4.4 0.0.0.0
netotk yy.yy.14.2 0.0.0.0
distanve 15 yy.yy.14.1 0.0.0.0 5


SW1
router eigrp yy
no auto-summary
netwotk yy.yy.128.2 0.0.0.0

SW4
router eigrp yy
no auto-summary
netwotk yy.yy.128.34 0.0.0.0


R5
router eigrp 100
no auto-summary
netwotk yy.yy.5.5 0.0.0.0
network yy.yy.128.194 0.0.0.0
network yy.yy.128.255 0.0.0.0
netwotk 150.3.yy.1 0.0.0.0


SW2
router eigrp 100
no auo-summary
network y.yy.128.193 0.0.0.0
redistribute ospf 1 subnets


SW3
router eigrp 100
no auro-summary
network yy.yy.128.126 0.0.0.0

router ospf 1
redsitribute eigrp 100 subnets
router eigrp 100
redistribute ospf mwtric 1544 2000 255 1 1500



!!!2.4 Implement IPv4BGP!!!

R1
router bgp 254
gp router-id yy.yy.1.1
bgp log-neighbor-changes
neighbor yy.yy.3.3 remote-as 254
neighbor y.yy.3.3 update-source lo 0
neibhbor yy.yy.128.2 remote-as yy
neighbor yy.yy.128.2 ebgp multihop 10
neighbor 150.1.yy.254 remote-as 254
neighbor 150.1.yy.254 mukimum-prefix 10 100 warning-only
no auto-summary




R2
router bgp 64500
no synchronization
bgp router-iid yy.yy.2.2
bgp log-neighbor-chnges
bgp confederation identufer yy
bgp confederation peers 645y
neighbor yy.yy.9.9 remote-as 645yy
neighbor yy.yy.9.9 ebgp-multihop
neighbor yy.yy.9.9 update-source lo 0
neighbor yy.yy.10.10 remote-as 645yy
neighbor yy.yy.19.19 ebgp-multihop 10
neighbor yy.yy.10.10 update-source o 0
no auto-smummary


R3
router bgp 254
no synchronizatin
bgp router-id yy.yy.3.3
bgp log-neighbor-changes
neighbor yy.yy.1.1 remote-as 254
neighbor yy.yy.1.1 updatesource-lo 0
neighbor yy.yy.128.34 remote-as yy
neighbor yy.yy.128.34 ebgp-multihop 10
neighbor 150.2.yy.254 remote-as 254
no auto summary


SW1
router bgp 645yy
no sync
bgp router-id yy.yy.7.7
bgp log-neighbor-changes bgp
confederation identifer yy
aggegate-address 199.68.0.0 255.255.224.0 as-set summary-only
yy.yy.1010 remote-as 645yy
yy.yy.10.10 update-surce lo 0
yy.yy.10.10 route-reflector-lient
neighbor yy.yy.10.10 next-hop-self
neighbor yy.yy.128.1 remote-as 254
neighbor yy.yy.128.1 ebgp-multihop 10
no auto-summary

SW2
router bgp 645yy
no sync
bgp router-id yy.yy.8.8
bgp log-neighbor-changes
bgp confederation identifier yy
neighbor yy.yy.10.10 remote-as 645 yy
neighbor yy.yy.10.10 update-surce lo 0
no auto-summary


SW3
router bgp 645yy
no sync
bgp route-id yy.yy.9.9
bgp log-neighbor-changes
bgp confederation identifer yy
bgp confederation peers 64500
neighbor yy.yy.2.2 remote-as 64500
neighbor yy.yy.2.2 ebgp-multihop 10
neighbor yy.yy.2.2 update-source lo 0
neighbor yy.yy.10.1 remote-as 645yy
neirhbor yy.yy.10.10 update-source lo 0
neighbor yy.yy.10.10 route-refrector-client
no autto-summary


SW4
router bgp 645yy
no sync
bgp router-id yy.yy.10.10
bgp log-neighbor-changes
bgp confederation identifer yy
bgp confederatino peers 64500
neighbor yy.yy.2.2 remote-as 64500
neighbor yy.yy.2.2 ebgp multihop 10
neighbor yy.yy.2.2 update-surce lo 0
neighbor yy.yy.7.7 remote-as 645yy
neighbor yy,yy,7.7 update-souce lo 0
neighbor yy.yy.7.7 route-refrector client
neighbor yy.yy.8.8 remote-as 645yy
neighbor yy.yy.8.8 update-source lo 0
neighbor yy.yy.8.8 route-refrector client
neighbor yy.yy.9.9 remote-as 645yy
neighbor yy.yy.9.9 update-source lo 0
neighbor yy.yy.9.9 route-reflector client
neighbor yy.yy.128.33 remote-as 254
neighbor yy.yy.128.33 ebgp multihop 10
no auto-summary



!!!Implement MPLS!!!
R1
mpls ip
mpls label-protocol ldp
mpls ldp route-id lo 0 force
ip vrf vpn yy
rd 100:1
route-target both 100:1
route-target import 300:1
interface s0/1/0.231
mpls ip
in s0/0/0
ip vrf forwarding vpnyy
ip address yy.yy.14.1 255.255.255.252

router eigrp 1
address-fammily ipv4 vrf vpn1yy
default-metric 10000 1 255 1 1500
redistribute bgp 254
network yy.yy.14.1 0.0.0.0
no auto-summary
autonomous-system yy
esit address-family

router bgp 254
no bgp default ipv4-unicast

address-family vpnv4
neighor yy.yy.3.3 activate
neighbor yy.yy.3.3 send-community extended
no auto-summary
exit address-family

address-family ipv4
neighbor yy.yy.3.3 activate
no auto-summary
no synchronizatin
exit address-family

address-family ipv4 vrf vpnyy
redistribute eigrp yy
no auto-summary
no sync
exit
address-family


R3
mpls ip
mpls label protocol ldp
mpls ldp route-id lo 0 force
ipvrf vpn3yy
id 300:1
route-target both 300:1
route-target import 100:1
interface s0/0/0.233
mpls ip
int s0/1/0
ip vrf forwarding vpn3yy
ip add yy.yy.23.1 255.255.255.252
rotuer eigrp 1
address-family ipv4 vrf vpn yy
default-metric
redistribute bgp 254
network yy.yy.23.1 0.0.0.0
no auto-summary
autonomous-system yy
exit address-family

router bgp 254
no bgp ipv4-unicast

address-family vpnv4
neighbor yy.yy.1.1 activate
neighbor yy.yy.1.1 send-community extended
no auto-summary
exit addres-family

address-faily ipv4
neighbor yy.yyy.1.1 activate
no auto-summary
no synchronization
exit address-family

address-family ipvr vrf vln3yy
redistribute eigrp yy
no auto-summary
no synchroniztion
exit address-family



!!!2.6Implement IPv6 OSPFv3!!!
R1
ipv6 unicast-routing
ipv6 router ospf 1
router-id 1.1.1.1
area 0 range FC01:ABC:123::/64
no shut

int s0/1/0.231
ipv6 address FC01:ABC:123::/64
ipv6 ospf 1 area 0
interfce tun 0
no ip add
ipv6 address FC01:ABC:100::1/64
ipv6 ospf 1 area 0
runnel source lo 0
tunnel destination yy.yy.8.8


R3
ipv6 unicast-routing
ipv6 router ospf 1
router-id 3.3.3.3
ara 0 rage FC01:ABC:123::/64
no shut
int s0/0/0.254
ipv6 address FC01:ABC:123:A::/64 eeui-64
ipv6 ospf 1 area 0

int tun 0
ipv6 address FC01:ABC:200::1/64
ipv6 ospf 1 area 0
tunnel source lo 0
tunnel destination yy.yy.9.9



R5
ipv6 unicast-routing
ipv6 router ospf 1
rotuer-id 5.5.5.5
area 0 range FX01:ABC:123::/64
no shut

int fa0/1.52
ipv6 adress FC0t:ABC:123:B::/64 eui-64
ipv6 ospf 1 area 0

int fa0/1.53
ipv6 address FC01:ABC:123:C:Y/64 eui-64
ipv6 ospf 1 area 0


SW2
sdm prefer dual-ipv4-and-ipv6 default
ipv6 unicast-routing
ipv6 router ospf 1
router-id 8.8.8.
area 0 range FC01:ABC:123:B::/64 eui-64
ipv6 ospf 1 area 0
int tun 0
no ip add
ipv6 add FC01:ABC:100::2/64
ipv6 ospf 1 area 0
tunnel source lo 0
tunnel destinatino yy.yy.1.1


SW3
sdm preer dual-ipv4-and-ipv6 default
ipv6 unicast routing
ipvt router ospf 1
router-id 9.9.9.9
area 0 range FC01:ABC:123::/64
no shut

int vlan 53
ipv6 address FC01:ABC:123::/64 eui 64
                       ↑
？文字化けしてて数字がわからん
ipv6 ospf 1 area 0


int tun 0
no ip add
iv6 add FC01:ABC:200::2/64
ipv6 ospf 1 area 0
tunnel source lo 0
tunnel destination 19.19.3.3


R1
ip multicast-routing
int lo 0
ip pim spase-mode
ip igmp join-group 234.5.5.5
int s0/1/0.231
ip pim sparse-mode
int fa0/0
ip pim sparse-mode
ip pim send-rp announce lo 0 scope 16 group-list 10
ip pim sen-rp discovery lo 0 scope 16

access-list 10 permit host 234.5.5


R3
ip multicast-routing
int s0/0/0.233
ip pim spase-mode



!!!3.2 Help-Map!!!

R1
ip forward-protocol udp 3000
ip access-list extended UDP_3000
permit multicast helper-map 234.22.2 yy.yy.128.63 UDP_3000
int fa0/0
ip directed-broadcast

R3
ip forward-protocol udp 3000
ip access-list extendedudp_3000
permit udp yy.yy.128.32 0.0.0.31 any eq 3000

int fa0/1
ip pim sparse-mode
ip multicast helper-map
234.5.5.5 yy.yy.128.63 UDP_3000


!!!4.1 FTP_Access!!!
R5
username CISCO priviledge 5 password cisco
priviledge exec level 5 copy running-config startup-config
priviledge exec level 5 show clock
priviledge exec level 5 show ip int b
line vty 0 4
trsnaport input telnet
login local

!!!4.2 vlan-map!!!
SW2
access-list 101 permit ip any host yy.yy.128.194 eq telnet
acdcess-list 301 permit ip any host yy.yy.128.225 eq telent
access-list 101 permit ip any host yy.yy.5.5 eq telnet

vlan acess-map tel 15
match ip address 101
action drop

vlan access-map tel 20
action forward
vlan fillter tel vlan-list 230



!!!4.3 HSRP!!!
SW2
int vlan 42
standby 1 ip yy.yy.128.100
standby 1 prirority 100
standby 1 preempt

SW3
int fa0/0
standby 1 ip yy.yy.128.100
standby 1 priority  150
standby 1 perempt


!!!4.4 ntp!!!
R2
clock set 06:00:00 1 JAN 2000
ntp master 5
ntp authentivati-key 1 md5 cisco
ntp authenticate
ntp trusted-key 1
ntp source lo 0
ntp servver yy.yy.128.254

ntp up@date-calender
clock calender-valid

int fa0/1
ntp broadcast key 1

ntp authentication-key 1 md5 cisco
ntp authtenticate
ntp trusted-key 1
int vlan 23
ntp broadcast client


R1
ntp authentication-key 1 md5 cisco
ntp authenticate
ntp trusted-key 1
ntp server yy.yy.2.2 key 1 sourcw lo 0


!!!4.5 QoS CAR!!!
SW3
mls qos
ip access-list exrnded UDP_4000
permit udp yy.yy.0.0 0.0.0.31 any
class-map UDP_4000
match access-list  group-name UDP4000
policy-map RATE-LIMIT
class UDP 4000
police 2000000 62500 exceeded-action drop

int vlan 23
service-policy input RATE-LIMIT



!!!5.1 HTTP Access!!!
R3
ip http server
time-range HTTP
periodec weekdays 10:00to 2:00
ip access-list extended strict
permit tcp 150.2.19.0 0.0.0.255 any eq www time-range HTTP
permit ip any any
int fa 0/0
ip access-group strict in


!!!5.2 Router IP trafic Export!!!
R1
ip traffic-export profile Export
interface fa0/0
mac-adress 0010.0020.0030;
incomming sample one-in-every 50
icomming access-list 100

int s0/0
ip trafic-export apply Export
access-list 100 tcp any any eq telnet
access-list 100 permit tcp an eq telnet any


!!!5.3 IP Source Tracker!!!
R5
ip source-track address-limit 5
ip source-track syslog-interval 1
ip source-track 150.3.yy.201
ip source-track 150.3.yy.202
ip source-track 150.3.yy.203
ip source-track 150.3.yy.204
ip source-track 150.3.yy.205

けぇにぷらす

###########################################################

LAB K2+

###########################################################





!!!1.1!!!
R1
int g0/1.11
no encapslation dot1q 11 native
encaps dot1q 11
ip address yy.yy.0.97 255.255.255.224

SW3
no monitor session all
int fa0/10
switchport access vlan 33
int vlan 33
ip add 150.3.yy.1 255.255.255.0



!!!1.2!!!

SW1
interface fa0/2
switchport mode access
swirchport access vlan 20

int fa 0/3
switchport mode access
switchport access vlan 20

int fa 0/4
switchport mode access
switchport access vlan 43

int fa0/5
switchport mode access
switchport access vlan 54

int vlan 12
ip add yy.yy.128.98 255.255.255.224
no shut


int vlan 51
ip add  yy.yy.0.129 255.255.255.224
no shut


int fa0/10
no switchport
ip add 150.1.yy.1 255.255.255.0



SW2
int fa0/2
switchport mode access
switchport acess vlan 234

int fa0/3
switchport mode access
switchport access vlan 300

int fa0/4
switchport mode access
switchport access vlan 54


int fa0/5
switchport mode access
switchport access vlan 51

int vlan 42
ip add yy.yy.128.129 255.255.255.224
no shut

int vlan 243
ip add yy.yy.128.163 255.255.255.224
no shut

int fa 0/10
no switchport
ip add 150.2.yy.1 255.255.255.0
no shut



SW3
int fa0/10
switchport mode access
switchport access vlan 33

int vlan 243
ip add yy.yy.128.161 255.255.255.224
no shut

int vlan 234
ip add yy.yy.128.195 255.255.255.224
no shut

int vlan 33
ip add 150.3.yy.1 255.255.255.0
no shut



SW4
int vlan 243
ip add yy.yy.128.194 255.255.255.224
no shut




!!!1.3!!!
SW1
spanning-tree mode rapid-pvst
spanning-tree portfast bpduguard default
int range fa0/19 - 24
udld port aggresive

SW2
spaning-tree mode rapid-pvst
spanning-tree portfast bpduguard default
int range fa0/19 - 24
udld port aggressive

SW3
spanning-tree mode rapid-pvst
spanning-tree portfast bpdugurad default
int range fa0/19 - 24
udld port aggressive

SW4
spanning-tree mode rapid-pvst
spanning-tree portfast bpdugurd default
int range fa0/19 - 24
udld port aggresive


SW1
int range fa0/2 - 5
spanning-treeportfast

SW2
int range fa0/2 - 5
spaning-tree portfast

SW3
int range fa0/10
spanning-tree bpduguard disable




!!!1.4!!!
SW1
int range fa0/19 - 24
switchport trunk encapslation dot1q
switchport mode trunk
switchport nonegotiate
no sht
exit


SW2
int range fa0/19 - 24
switchport trunk encapslatio dot1q
switchport mode trunk
switchport nonegotiate
no shut
exit



SW3
int range fa0/19 - 24
switchport trunk encapslation dot1q
switchport mode trunk
switchport nonegotiate
no shut
exit



SW4
int range fa0/19 - 24
switchport trunk enccapslaton dot1q
switchport mode trunk
switchport nonegotiate
no shut
exit



SW1
int rane fa 0/19 - 20
channel-group 13 mode active
exit
int range fa 0/21 - 22
channel-group 14 mode active
exit
int range fa 0/23 - 24
channel-group 12 mode active
port-channel load-balanece dst-ip


SW2
int range fa0/19 - 20
channel-group 24 mode active
exit

int range fa0/21 - 22
channel-group 23 mode active
int range fa0/23-24
channel-group 23 mode active
exit
port-channel load-balance dst-ip





SW3
int range fa0/19
channel-group 13 mode active
exit
int range fa 0/21 - 22
channel-group 23 mode active
exit
int range fa0/23 - 24
channel-group 24 mode active
exit
port-channel load-balance dst-ip


SW4
int range fa0/19 20
channel-group 24 mode active
exit
int range fa0/21- 22
channel-group 14 mode active
exit
int range va 0/23 - 24
channel-group 34 mode active
exit
port-vhannel load-balance dst-ip


SW2
int fa0/1
switchport trunk encapslation dot1q
switchport mode trunk
switchport trunk allowed vlan 11,12
switchport nonegotiate
no shut
exit


R1
int fa0/1
no ip address
no shut
exit
int fa0/1.11
encapslatin dot1q
ip address yy.yy.0/65 255.255.255.224
no shut
exit
intfa0/1.12
encapslation dot1q 12
ip add yy.yy.128.97 255.255.255.224
no shut
exit




!!!1.5!!!
SW3
no monitor session all
monitor session 1 source intfa0/1 - 8 port-channel 13 both
monitor session 1 definition fa 0/11
SW1
mac adress-table aging-time 150 vlan 20



!!!1.7!!!
R5
frame-relay switching
int s0/0
encapslation frame-relay
frame-relay lmi-type cisco
frame-relay intf-ty dce
clock rate 64000
frame-relay roue 221 interface serial 0/1 223
no ip  address
no shut
exit
int s0/1
encapslation frame-relay
frame-relay lmi-type cisco
frame-relay lmi-type dce
clock rate 64000
frame-relay route 223 interfce serial 0/0 221
no ip address
no shut
exit

R1
interface serial 0/1
encapslation frame-relay inverse-arp
no arp frame-relay
no ip address nosshut
exit
int s0/1.221 point-to-point
no ip address
frame-relay interface-dlci 221 ppp virtual-template 1
exit
exit
interface multilink
ppp multilink
ppp multilink grpup 1
ip unnumbered lo 0
exit

interace virtual-template 1
ppp multilink
ppp multilink grpoup 1
exit



R3
interface serial 0/0
encapslation frame-relay
no frame-relay inverse arp
no arp frame-relay
no ip address
no shut
exit
intefrce s0/0.223 point--to-point
frame-relay interfce-dlci 223 ppp vitrual-template 1
exit

interfrace multilink 1
ppp multilink
ppp multilink group 1
ip unnumbered lo 0
exit
interfce virtual-template 1
exit
ppp multilink
ppp multilink group 1
exit

R2
interface fa 0/0
ip address yy.yy.128.255 255.255.255.224
no shut
exit
interface fa0/1
ip add yy.yy.128.193 255.255.255.224
no shut
exit
interface serial  0/1
encapslation ppp
ip unnumbered fa0/0
no shu
exit


R3
int fa0/0
ip add yy.yy.0.33 255.255.255.224
no shut
exit
int fa 0/1
ip add yy.yy.0.1 255.255.255.224
exit
int s0/1
encapslation ppp
ip unnumbered fa 0/1
clockrate 64000
no shut
exit


R4
int fa0/0
ip add yy.yy.128.130 255.255.255.224
no shut
exit
int fa0/1
ip add yy.yy.254.2 255.255.255.0
no shut
exit


R5
int fa0/0
ip add yy.yy.254.1 255.255.255.0
no shut
exit
int fa0/1
ip add yy.yy.0.130 255.255.255.224
no shut
exit




!!!2.1!!!
SW1
ip routing
router ospf yy
router-id yy.yy.7.7
network yy.yy.7.7 0.0.0.0 area 0
network yy.yy.128.98 0.0.0.0 area 0
network yy.yy.0.129 0.0.0.0 area 52
redisstribute connected subnets rroute-map bb1
default-information originate always
exit
route-map bb1 permit 10
match interface fa0/0

R1
router ospf yy
router-id yy.yy.1.1
network yy.yy.1.1 0.0.0.0 area 0
network yy.yy.0.65 0.0.0.0 area 0
network yy.yy.128.97 0.0.0.0 area 0


R3
router ospf yy
router-id yy.yy.3.3
network yy.yy.3.3 0.0.0.0 area 0
network yy.yy.0.1 0.0.0.0 area 1
network yyy.yy.33 0.0.0.0 are 1
exit

R2
router ospf yy
router-id yy.yy.2.2
network yy.yy.2.20.0.0.0 area 1
network yy.yy.128.225 0.0.0.0 area 1
network yy.yy.128.193 0.0.0.0 area 1
exit


SW3
ip routing
router ospf yy
router-id yy.yy.9.9
network yy.yy.9.9 0.0.0.0 area 1
networrk yy.yy.128.195 0.0.0.0 area 1
network 128.161 0.0.0.0 area 1
exit

SW4
ip routing
router ospf yy
router-id yy.yy.10.10
yy.yy.10.10 0.0.0.0 area 1
network yy.yy.10.10 0.0.0.0area 1
network yy.yy.128.194 0.0.0.0 area 1
network yy.yy.128.162 0.0.0.0 area 1
exit

SW2
ip routing
router ospf yy
router-id yy.yy.8.8
network yy.yy.8.8 0.0.0.0 area 1
network yy.yy.128.129 0.0.0.0 ara 1
network yy.yy.128.163 0.0.0.0 area 1
redisrtribuute connected route-map bb2
default-information originate always
exit
route-map bb2 permit 10
match interfce fa0/10
exit

!!!2.3!!!

R5
router eigrp yy
no auto-summary
network yy.yy.254.1 0.0.0.0
redistribute connected metric 10000 100 255 1 1500 route-map lo
exit
route-map loopback permit 10
match int lo 0
exit
exit

SW3
router eigrp 100
no auto-summary
network 150.3.yy.1 0.0.0.0
eigrp stub receive-only
distribute-list rotue-map tag in vlan 33
exit
access-list 10 permit 0.0.0.0 127.255.255.255
route-map tag permit 10
match ip address 10
set tag 200
route-map tag permit 20
exit
router ospf yy
redistribute eigrp 100 subnets
summary-address 198.0.0.0 255.0.0.0
exit


!!!2.3!!!

R2
router bgp yy
no auto-summary
no syncronization
bgp router-id yy.yy.2.2
neighbor ibgp peer-group
neighbor ibgp remote-as yy
neighbor ibgp update-source lo 0
neighbor yy.yy.3.3 peer-group ibgp
neighbor yy.yy.7.7 peergrpup ibgp
neighbor yy.yy.8.8 peer-group ibgp
neighbor yy.yy.8.8 weight 100
exit

R3
router bgp yy
no auto-summary
nosyncronization
bgp rouer-id yy.yy.3.3
neighbor ibgp peer-group
neighbor ibgp remote-as yy
neighbor ibgp update-spource lo 0
neighbor yy.yy.2.2 peer-group ibgp
neighbor yy.yy.7.7 pee-group ibgp
neighbor yy..yy.8.8 peer-group ibgp
neighbor yy.yy.7.7 weight 100

SW1
router bgp yy
no auto summary
no syncronizationbgp router-id yy.yy.7.7
neighbor ibgp peer-group
ibgp remote-as y
neighbor ibgp update-source lo 0
neighbor yy.yy.2.2 peer-group ibgp
neighbor yy.yy.3.3 peer-group ibgp
neighbor yy.yy.8.8 peer-group ibgp
neighbor 150.1.yy.254 remoe-as 254




SW2
ip routeing
router bgp yy
no auto-summary
no syncronization
bgp router-id yy.yy.8.8
neighbor ibgp peer-group
neighbor ibgp remote-as yy
neighbot ibgp update-source lo 0
neighbor yy.yy.2.2 peer-group ibgp
neighbor yy.yy.7.7 peer-group ibgp
neighbor yy.yy.8.8 peer-group ibgp
neighbor 150.2.yy.254 route-map as in
exit
route-map as permit 10
set as-path prepend 253
exit
exit


!!!2.4!!!
R4
ip cef
mpls labelprotocol ldp
mpls ldp route0id lo 0 force
int fa0/1
mpls ip
exit
ip vrf vpn yy
vrf 100:1
route-target both 100:1
exit
interfce fa0/0
ip vrf forwarding vpn yy
ip address yy.yy.128.130 255.255.255.224
exit
router bgp 100
no auto-summary
no synchronization
bgp router-id yy.yy.4.4
neighbor  yy.yy.5.5 update-source lo 0
neighbor yy.yy.5.5 remote-as 100
address-family vpn 4
neighbor yy.yy.5.5 active
neighboryy.yy.5.5 send-community-extended
exit
no bgp defualt ipv4-unicast
address-family ipv4 vrf vpn VPNYY
redistribute ospf yyvrf vpn yy
exit
exit
router ospf yy vrf vpn yy
redistribute bgp 100 subnets
netwrpk yy.yy.128.130 0.0.0.0
exit



R5
ip cef
mpls label protocop ldp
mpls ldp router-id lo 0 force
int fa0/3
mpls ip
exit
ipvrf vpn yy
rd 100:1
rote-target both 100:1
exit
int fa0/1
ip vrf forwarding vrf vpn yy
ip add yy.yy.0.130 255.255.255.224
exit
router bgp 100
no auto sum
no sync
router-id yy.yy.5.5
neighbor yy.yy.4.4 remote-as 100
neighbor yy.yy.4.4 update-source lo 0
address-familyvpnv4
neighbor yy.yy.4.4activate
neighbor yy.yy.4.4 send-community extended
exit
no bgp default ipv4 unicast
addresfamily ipv4 vrf vpn yy
redistribute ospf yy vrf vpn yy
exit
exit
router ospf yy vrf vpn yy
router-sofp yy vrf vpn yy
router-id yy.yy.5.5
redistribute bgp 100 subnets
network yy.yy.0.130 0.0.0.0 area  51
area 51 virtual-link yy.yy.7.7
exit

SW1
roter ospf yy
are 51 virtual-link yy.yy.5.5
exit






!!!2.5!!!
R3
int tun 35
tunnel source lo 0
tunnel destination yy.yy.0.130
ip unnumberdrd fa0/0
ip ospf yy area 1
exit





R5
int tun 35
tunnel source fa0/1
tunnel destination yy.yy.3.3
ip vrf forawrding vpn yy
ip unnumberded fa0/1
ip ospf yy area 1
ip tunnel vrf vpn yy
exit


R4
int lo 0
ip vrf forwarding vpnyy
ip address yy.yy.100.4 255.255.255.255
exit


R5
int lo 1
ip vrf forwarding vpn yy
ip address yy.yy.100.5 255.255.255.255
exit


R4
router bgp 100
address-family ipv4 vrf vpnyy
router bgp 100
address-family ipv4 vrf vpnyy
network yy.yy.100.5 mask 255.255.255.255
exit

R4
router ospf yy vrf vpn yy
aea 1 sham-link yy.yy.100.5
exit

R5
router ospf yy vrf vpnyy
are 1 sham-link yy.yy.100.5 yy.yy.100.4
exit


R2
ipv6 unicast routing
int fa0/1
ipv6 address 20yy:1010:10::2/24
exit
int fa0/0
ipv6 address 20yy:1010:10::2/64

SW3
sdm prefer dual ipv4-ipv6 routeing
int vlan 33
ipv6 address 20yy:1010:222::9/64
exit
intvlan 234
ipv6 address 20yy:1010:10::9/64
exit


R2
ipv6 router rip cisco
exit
intfa0/0
ipv6 rip cisco enable
exit
int fa0/1
ipv6 rip cisco enable
exit





SW3
ipv6 router rip cisco
exit
intvlan 33
ipv6 cisvco rip enable
exit
int vlan 234
ipv6 rip cisco enable
ipv6 rip cisco default-informatio originate metric 2
exit



!!!3.1!!!
SW2
ip multicust-routing
ip pim auto-rp listner
int vlan 243
ip igmp join-group 239.10.5.1
exit

SW3
ip multicast-routing
ip pim auto-rp-listner
in  lo 0
ip pim sparse-mode
exit
int vlan 243
ip pim sparse-mpde
exit
access-list 10 permit 239.10.5.0 0.0.0.355
ip pim send-rp-announce ki o scope 16 group-list 10

SW4
ip muilticast-routing
ip pim auto-rp listner
int lo 0
ip pim sparse-,oe
exiit
int vlan 234
ip pim sparse-mode


!!!3.2!!!
access-list 20 permit 239.10.5
1
int vlan 243
ip igmp access-group 20

SW3
access-list 20 permit 239.10.5.1
int vlan 243
ip igmp acccess-group 20
exit


SW4
access-list 20 permit 239.10.5.1
int vlan 243
ip igmp access-group 20



!!!4.1!!!
LinkFragMentation


R1
map-class frame-relay FRTS
frame-relay cir  128000
frame-relay bcc 8000
frame-relay be 1000
exit

int s0/1
bandwidth 128
frame-relay traffic-shaping
exit
int s0/1.221 point-to-point
bandwidth 128
frame-relay interfce-dlci 221 ppp virtual-template 1
cclass FRTS
exit
exit
interfce Virtual-templat 1
bandwidth 128
exit
multilink bandle-name endpoint
int multilink 1
bandwidth 128
ppp multilink
bandwidth 128
ppp multilink
bandwidth 128
ppp multilink fragment delay 8
ppp multilink interleave
ppp multilink endpoint hostnae
exit




R3
map-class frame relay FRTS
frame-relay cir 1280000
frame-relay bc 8000
frame-relay be 1000
exit
int s0/0
bandwidth 128
frame-relay traffic-shaping
exit
int s9/1.223 point-to-point
bandwidth 128
frame-relay interface-lci 221 ppp virtual-template 1
class FRTS
exit
exit
int virtual-template 1
bandwidth 128
multilink-bandle endpoint hostname
exit



!!!4.2MQC!!!
R1
access-list 100 permit udp any any precedence critical
class-map match-all voip
match access-group 100
exit
policy-map voip
priority 45
exit
class class-default
fair-queue
exit
exit
interface multilink 1
service-policy output voip
exit


R3
aces-list 100 permit udp any any precedence critical
class-map match-all voip
exit
policy-map voip
class voip
priority 45
exit
class class-default
fair-queue
exit
exitinterface multilink 1
service-poicy output oip
exit


!!!4.3NTP!!!
R5
clock set 8:00:00 1 JAN 2010
conf t
clock timezone HK+8
nep master 5
ntp source fa0/1
ntp server yy.yy.254.254
ntp acces-group peer 10
ntp access-group serve-only 20
ntp peer vrf VPNyy yy.yy.3.3 key 1
ntp peer vrf VPNyy yy.yy.8.8
ntp peer vrf VPNyy yy.yy.7.7
access-list 10 permit yy.yy.254.254
access-list 10 permit 127..127.7.1
access-list 20 permit yy.yyy.3.3
access-list permit yy.yy.7.7
access-list 20 permit yy.yy.8.8
ntp update-calennder
clck calnder-vlid
ntp uthenticate
ntp trust-key 1
ntp authentication-key 1 md5 cisco



R3
clock timezone HK+8
ntp authenticate
ntp authentication-key 1 md5 cisco
ntp trust-key 1
ntp server yy.yy.0130 key 1 source lo 0
ntp update-calender
clock time-zone HK+8
ntpserer yy.yy.0.130 lo 0


SW2
clodk timezone HK+(
ntp server yy.yy.0.130 source lo 0


!!!4.3 Rsvp !!!!!!!!
R1
interface lo 0
ip rsvp bandwidth 64 64
exit
interface multilink 1
ip rsvp bandwidth 64 64
exit
ip rsvp reservation-host yy.yy.1.1 yy.yy.3.3 tp 23 10000 ff rate 10 1


R3
interface lo 0
ip rsvp bandwidth 64 64
exit
interfae multilinnk 1
ip rrsvp bandwidth 64 64
exit
ip rsvp sender-host yy.yy.1.1 yy.yy.3.3 23 10000 10 1


!!!4.4FirstHop redunndancy with Object Tracking!!!

SW3
track 10 ip route 0.0.0.0 0.0.0.0 reachability
interface vlan 234
sandby 1 ip yy.yy.128.96
standb 1 preempt
standby 1 track 10
standby 2 ip yy.yy.128.222
standby 2 priority 105
standby 2 preempt
standby 2 track
exit


SW4
track 10 ip rotue 0.0.0.0 reachability
interface vlan 234
standby 1 ip yy.yy.128.9
standby 1 pripority 105
standb 1 preempt
standby 1 track 10
standby 2 ip yy.yy.128.222
standby 2 track 10
exit




!!!MLS qos for Video!!!
SW4
mld qos
mps qos srr-queue output dscp-map queue 1 56
ip access-list extnded 100
permit ip host yy.yy.128.98 yy.yy.0.64 0.0.0.31
exit
clss-map match all voip
match access-group 100
exit
ms qos map policed-dscp 5 to 8
poliy-map policy
class voip
set ip dscp 56
police 300000 125000 exceeded-action police-dscp-trancemit
exit
exit
interface 0.6
service-policy input policy
mls qos cos 1
exit
interfce range fa0/19 - 24
mps qos trust dscp
mps qos cos 1
priority-queue out
exit



SW1
mls qos
ms qos srr-queue outout dscp-map queue 1 56
interface range fa019 - 24
mls qos trust dscp
mls qos cos 1
priority-queue out
exit



!!!5.1!!!


SW1
ip sla responder


SW2


SW2
mls qos
mos qos srr-queue output dscp-map queue 1 56
interface range fa0/19 - 24
mls qos trust dscp
mls qos cos
priority-queue out
int fa0/1
mls qos trust dscp
mps qos cos 1
priority-queue out
exit




!!!5.1 Ip Service Level Agreement!!!
SW1
ip spa responder

SW2
ip sa 1
tcp-connect yy.yy.7.7 23 source-ip yy.yy.8.
freuency 180
exit
ip sla 2
icmp-echo yy.yy.3.3 source-ip yy.yy.8.8
frquncy 180
exit
ip sla schedule 1 start-time now recuring
ip sla schedule 2 start-time now recuring


!!!5.2 SNMP !!!
R3
snmp-server communit public Ro
snmp-server community public ro
snmp community ciscoADMIN RW
snmp-server enable traps rsvp
snmp-server host yy.yy.128.336 public rsvp


SW2
snmp-server community public RO
snmp-server community ciscoADMIN RW
snmp-server user ciscoADMIN ciscoADMIN v1
snmp-server user ciscoADMIN ciscoADMIN v2c
snmp-server enable raps rtr
snmp-server host yy.yy.128.226 pubic rsvp



!!!5.2!!!
R3
snmp-server comunity public RO
snmp-server community ciscoADMIN RW
snmp-server enable trasps rsvp
enmp-server host yy.yy.128.226 public rsvp






SW2
snmp-server community public RO
snmp-server community public RO
snmp-server community ciscoADMIN RW
snmp-server user ciscoADMIN v1
snmp-server user ciscoADMIN v2c
snmp-server enable traps rtr
snmp-server host yy.yy.120.226 public rtr
ip sla reaction-configuration 1 react rtr threshold-type imediate action-type trapOnly
ip sla reaction-configuration 2 react rtr threshold imediate action-type traponly


!!!5.3!!!
R2
logging on
servicetimestaumps log dateline msec localtime
service timestamps debug datetim msec localtime
logging count
logging buffered 100000 warnings
ip ftp username reload
ip ftp passwprd cisco
exception corefile RackyyR2 compress
exception protocol ftp
exception dump yy.yy.126.196

R4
extendded ip access-list copp_acl_atack
10 permit udp any any eq 1434
20 permit udp any any eq 1434 any
30 permit ip any any fragments
extended ip access-list copp_acl_bgp
10 permit tcp any eq bgp host 1.1.4.4
20 permit tcp any host 1.1.4.4 eq bgp=179

extended ip access-list copp_acl_ldp
10 permit tcp any host 1.1.4.4 eq 646
20 permit tcp any eq 646 host 1.1.4.4
30 permit udp any eq 646 host 224.0.0.2 eq 646
extended ip access-list copp_acl_mgmt
10 permit icmp any　any
20 permit pim any any
extended ip access-list copp ospf

!!!5.4!!!

R4
mls qos
class map match-all telnet id3
matchaccess-group name copp_acl_telnet
class-map match-all attack
match access-group name copp_acl_attack
clas map match-all mgmt
match access-group name copp_acl_mgmt
class-map match-any class-default
match any

class map match-any ldp_bgp_ospf_eigrp id 1
match access-group name copp_acl_ldp
match access-group name copp_acl_bgp
match access-group name copp_acl_ospf
match access-group name copp_acl_eigrp
class-map match-all l2arp
match protocol arp
policy map police
class attack
policerate 10 pps burst 2 packet
conform-action drop
exceed-action drop
class ldp_bgp_ospf_eigrp
class telnet
poolicerate 100 pps burst 24 packets
conform action transmit
exceeded action trancemit