2011年10月11日火曜日

けぇご

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
K5
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

!!!2.1 Implement the Access-switch ports of Switched Network!!!

SW1
spanning-tree mod rapod-pvst
int vlan 10
ip add yy.yy.28.2 255.255.255.224

int vlan 41
ip add yy.yy.128.65 255.255.255.224

int vlan 140
ip add yy.yy.234.33 255.255.255.224

int vlan 234
ip add yy.yy.234.1 255.255.255.224


SW2
spanning-tree mode rapid-pvst
int vlan 42
ip add yy.yy.128.98 255.255.255.224

int vlan 52
ip add yy.yy.128.193 255.255.255.224

int vlan 230
ip add yy.yy.234.65 255.255.255.0

int vlan 234
ip add yy.yy.234.2 255.255.255.224

int fa0/5
switchport trunk encapslation dot1q
switchport trunk allowedvlan 52,53
switchport mode trunk

SW3
spanning-tree mode rapid-pvst
int vlan 23
ip add yy.yy.128.161 255.255.255.224

int vlan 53
ip adde yy.yy.128.226 255.255.255.224

int vlan 230
ip add yy.yy.234.66 255.255.255.224

int vlan 340
ip add yy.yy.234.98 255.255.255.224
int fa0/8
spanning-tree bpduguad enable
errdisable recovery interval 90




SW4
spanning-tree mode rapid-pvst

int vlan 20
ip add yy.yy.128.129 255.255.255.224

int vlan 30
ip add yy.yy.128.34 255.255.255.224

int vlan 140
ip add yy.yy.234.34 255.255.255.224

int vlan 234
ip dd yyy.yy.234.4 255.255.255.224

int vlan 340
ip add  yy.yy.234.97 255.255.255.224


!!!1.3 ImplementFrame-Relay!!!
R1
int s0/1/0
encapslation frame-relay
no frame-reay inverse-arp
int s0/1/0.231 point-to-point
ip unnumbered lo 0
frame-relay interface-dlci 231

R3
int s0/0/0
encapslation frame-relay
no frame-reay inverse arp

int s0/0/0.223 point-to-point
ip unnumberded lo 0
frame-relay inteface-dlci 233







R5
frame-relay switching
int s0/0/0
no ip add
encapslation frame-relay
no frame-relay inberse arp
clock rate 128000
frame-relay lmi-ty cisco
frame-relay intf ty dce
frame-relay route 23
interface s0/1/0 233
int s0/1/0
no ip add
encapslation frame-relay
no frame-relay intf-ty dce
frame-route 233 interface s0/0/0 231

!!!1.4 Switching!!!
SW1
int range fa0/19 - 20
switchport trunk encapslation dot1q
switchort mode trunk
cannel-groupyy mode on
int range fa0/21 - 22
switchport trunk encapslation dot1q
switchport mode trunk

spanning-tree vlan 1 10 riority 0
spanning-tree vlan 20,30 priority 61440



SW2
int range fa019 - 20
switchport trunk enapslation dot1q
switchport mode trunk
channel-group yy mode on
int fa9/21 - 22
switchport trunk encapslation dot1q
switchport mode trunk

int range fa0/23 - 24
shutdown



SW3
int range fa0/19 - 20
switchport trunk encaslation dot1q
switchport mode trunk
channel-group yy mode on
int range fa0/21 - 22
switchport trunk encapslation dot1q
switchport mode trunk

int range fa0/23 - 24
shutdown


SW4
int range fa0/19 - 20
switchport trunk encapslation dot1q
switchport mode trunk
channel-group yy mode on


int range fa0/21-22
switchporttrunk encapslation do1a
switchport mode trunk

int range fa0/23 -24
switchport trunk encapslation dot1q
switchport mode trunk


!!!1.5 Switch port security!!!
SW3
int fa0/10
switchport port-security maximum 3
switchport port-security mac-address 0000.1234.1111
switchport port-security mac-address 0000.abcd.1111
switchport port-security aging type inactivity
switchport port-security aging time 5
switchport port-security

SW2
int fa0/15
mac access-group e6000 in
mac access-list extended e 6000
deny any any etype-6000
deny any any etype-6000
permit any any

SW1
ip routing
router ospf 1
yy.yy.7.7 0.0.0.0 area 0
network yy.yy.234.1 0.0.0.0 area 1
network yy.yy.234.33 0.0.0.0 area 0

int vlan 140
ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 cisco
interface vlan 234
ip osp priority 0


SW2
ip routing
router ospf 1
network yy.yy.8.80.0.0 area 23
network yy.yy.234.2 0.0.0.0 area 1
network yy.yy.234.65 0.0.0.0 area 23
interface vlan 234
ip ospf priority 0


SW3
ip routing
router ospf 1
area 1 virtual-link yy.yy.10.10 authentication message-digest
area 1 virtual-link yy.yy.10.10 message-digest-key 1 md5 cisco
network yy.yy.9.9 0.0.0.0 area 1
network yy.yy,234.3 0.0.0.0 area 1
network yy.yy.234.66 0.0.00 area 23
network yy.yy.128.161 area 1
netwotk yy.yy.234.3 0.0.0.0 area 1
network yy.yy.128.161 0.0.0.0 area 1
network yy.yy.234.98 0.0.0.0 area 1

int vlan 234
ip ospf priority 0



SW4
ip routering
area 1 virtual-ink yy.yy.9.9 authenticatino message-digest
message-digest-key 1 md5 cisco
network yy.yy.10.10  0.0.0.0 area 1
network yy.yy.234.4 0.0.0.0 area 1
netwotk yy.yy.234.34 0.0.0.0 area 0
netwotk yy.yy.128.129 0.0.0.0 area 1
network yy.yy.234.97 0.0.0.0 area 1

int vlan 234

int vlan 140
iip ospf authentication message-digest
ip ospf message-digest-key 1 md5 cisco




R2
router ospf 1
netwotk yy.yy.2.2 0.0.0.0 area 1
netwotk yy.yy.128.130 0.0.0.0 area 1
network yy.yy.128.162 0.0.0.0 area 1


R4
rotuer rip
version 22
passive-interface default
neighbor yy.yy.12865
neighbor yy.yy.128.98
netwotk yy.0.0.0
no auto-summary
redistribute eigrp yy metric 5


int s0/0/0
ip access-group FROM BB1 in
ip acces-list standard FRO_BB1
deny 199.17.2.0 0.0.255.255
permit any
access-list 10 deny 199.172.0.0 0.0.255.255
router eigrp y
no auto-summary
redistribute rip metric 1544 200 255 1 1500



SW1
router rip
version 2
passive-interface default
neighbor yy.yy.128.66
network yy.yy.0.0
no auto-summary
redistribute ospf 1 metric 3
router ospf 1
redistribute rip subnts


SW2
router rip version 2
passive0interface default
neighbor yy.yy.128.99
netwotk yy.0.00
no auto0summary
redsitribute ospf 1 metric 3

router ospf 1
redistribute rip subnets





!!!implement IPV4 EIGRP!!!
R1
router eigrp yy
no auto0summar
network yy.yy.1.1 0.0.0.0
netwotk yy.yy.14.1 0.0.0.0
network yy.yy.128.1 0.0.0.0
netwotk 150.1.yy.1 0.0.0.0


R2
access-list 5 permit yy.yy.128.0 0.0.0.3
router eigrp yy
no auto0summary
netwotk yy.yy.23.2 0.0.0.0
refistribute ospf metric 1544 2000 255 1 500
distance 125 yy.yy.23.1 0.0.0.5

router ospf 1
redistribute eigrp yy subnets

interface s0/1/0
ip summary eigrp yy 198.2.0.0 255.255.248.0


R3
router eigrp yy
no auto-summary
netwotk yy.yy.3.3 0.0.0.0
netwotk yy.yy.23.1 0.0.0.0
netwotk 150.2.yy.1 0.0.0.0
network yy.yy.128.33 0.0.0.0


R4
access-list 5 permit yy.yy.128.32 0.0.0.31
router eigrpp yy
no auto-summary
netwotk yy.yy.4.4 0.0.0.0
netotk yy.yy.14.2 0.0.0.0
distanve 15 yy.yy.14.1 0.0.0.0 5


SW1
router eigrp yy
no auto-summary
netwotk yy.yy.128.2 0.0.0.0

SW4
router eigrp yy
no auto-summary
netwotk yy.yy.128.34 0.0.0.0


R5
router eigrp 100
no auto-summary
netwotk yy.yy.5.5 0.0.0.0
network yy.yy.128.194 0.0.0.0
network yy.yy.128.255 0.0.0.0
netwotk 150.3.yy.1 0.0.0.0


SW2
router eigrp 100
no auo-summary
network y.yy.128.193 0.0.0.0
redistribute ospf 1 subnets


SW3
router eigrp 100
no auro-summary
network yy.yy.128.126 0.0.0.0

router ospf 1
redsitribute eigrp 100 subnets
router eigrp 100
redistribute ospf mwtric 1544 2000 255 1 1500



!!!2.4 Implement IPv4BGP!!!

R1
router bgp 254
gp router-id yy.yy.1.1
bgp log-neighbor-changes
neighbor yy.yy.3.3 remote-as 254
neighbor y.yy.3.3 update-source lo 0
neibhbor yy.yy.128.2 remote-as yy
neighbor yy.yy.128.2 ebgp multihop 10
neighbor 150.1.yy.254 remote-as 254
neighbor 150.1.yy.254 mukimum-prefix 10 100 warning-only
no auto-summary




R2
router bgp 64500
no synchronization
bgp router-iid yy.yy.2.2
bgp log-neighbor-chnges
bgp confederation identufer yy
bgp confederation peers 645y
neighbor yy.yy.9.9 remote-as 645yy
neighbor yy.yy.9.9 ebgp-multihop
neighbor yy.yy.9.9 update-source lo 0
neighbor yy.yy.10.10 remote-as 645yy
neighbor yy.yy.19.19 ebgp-multihop 10
neighbor yy.yy.10.10 update-source o 0
no auto-smummary


R3
router bgp 254
no synchronizatin
bgp router-id yy.yy.3.3
bgp log-neighbor-changes
neighbor yy.yy.1.1 remote-as 254
neighbor yy.yy.1.1 updatesource-lo 0
neighbor yy.yy.128.34 remote-as yy
neighbor yy.yy.128.34 ebgp-multihop 10
neighbor 150.2.yy.254 remote-as 254
no auto summary


SW1
router bgp 645yy
no sync
bgp router-id yy.yy.7.7
bgp log-neighbor-changes bgp
confederation identifer yy
aggegate-address 199.68.0.0 255.255.224.0 as-set summary-only
yy.yy.1010 remote-as 645yy
yy.yy.10.10 update-surce lo 0
yy.yy.10.10 route-reflector-lient
neighbor yy.yy.10.10 next-hop-self
neighbor yy.yy.128.1 remote-as 254
neighbor yy.yy.128.1 ebgp-multihop 10
no auto-summary

SW2
router bgp 645yy
no sync
bgp router-id yy.yy.8.8
bgp log-neighbor-changes
bgp confederation identifier yy
neighbor yy.yy.10.10 remote-as 645 yy
neighbor yy.yy.10.10 update-surce lo 0
no auto-summary


SW3
router bgp 645yy
no sync
bgp route-id yy.yy.9.9
bgp log-neighbor-changes
bgp confederation identifer yy
bgp confederation peers 64500
neighbor yy.yy.2.2 remote-as 64500
neighbor yy.yy.2.2 ebgp-multihop 10
neighbor yy.yy.2.2 update-source lo 0
neighbor yy.yy.10.1 remote-as 645yy
neirhbor yy.yy.10.10 update-source lo 0
neighbor yy.yy.10.10 route-refrector-client
no autto-summary


SW4
router bgp 645yy
no sync
bgp router-id yy.yy.10.10
bgp log-neighbor-changes
bgp confederation identifer yy
bgp confederatino peers 64500
neighbor yy.yy.2.2 remote-as 64500
neighbor yy.yy.2.2 ebgp multihop 10
neighbor yy.yy.2.2 update-surce lo 0
neighbor yy.yy.7.7 remote-as 645yy
neighbor yy,yy,7.7 update-souce lo 0
neighbor yy.yy.7.7 route-refrector client
neighbor yy.yy.8.8 remote-as 645yy
neighbor yy.yy.8.8 update-source lo 0
neighbor yy.yy.8.8 route-refrector client
neighbor yy.yy.9.9 remote-as 645yy
neighbor yy.yy.9.9 update-source lo 0
neighbor yy.yy.9.9 route-reflector client
neighbor yy.yy.128.33 remote-as 254
neighbor yy.yy.128.33 ebgp multihop 10
no auto-summary



!!!Implement MPLS!!!
R1
mpls ip
mpls label-protocol ldp
mpls ldp route-id lo 0 force
ip vrf vpn yy
rd 100:1
route-target both 100:1
route-target import 300:1
interface s0/1/0.231
mpls ip
in s0/0/0
ip vrf forwarding vpnyy
ip address yy.yy.14.1 255.255.255.252

router eigrp 1
address-fammily ipv4 vrf vpn1yy
default-metric 10000 1 255 1 1500
redistribute bgp 254
network yy.yy.14.1 0.0.0.0
no auto-summary
autonomous-system yy
esit address-family

router bgp 254
no bgp default ipv4-unicast

address-family vpnv4
neighor yy.yy.3.3 activate
neighbor yy.yy.3.3 send-community extended
no auto-summary
exit address-family

address-family ipv4
neighbor yy.yy.3.3 activate
no auto-summary
no synchronizatin
exit address-family

address-family ipv4 vrf vpnyy
redistribute eigrp yy
no auto-summary
no sync
exit
address-family


R3
mpls ip
mpls label protocol ldp
mpls ldp route-id lo 0 force
ipvrf vpn3yy
id 300:1
route-target both 300:1
route-target import 100:1
interface s0/0/0.233
mpls ip
int s0/1/0
ip vrf forwarding vpn3yy
ip add yy.yy.23.1 255.255.255.252
rotuer eigrp 1
address-family ipv4 vrf vpn yy
default-metric
redistribute bgp 254
network yy.yy.23.1 0.0.0.0
no auto-summary
autonomous-system yy
exit address-family

router bgp 254
no bgp ipv4-unicast

address-family vpnv4
neighbor yy.yy.1.1 activate
neighbor yy.yy.1.1 send-community extended
no auto-summary
exit addres-family

address-faily ipv4
neighbor yy.yyy.1.1 activate
no auto-summary
no synchronization
exit address-family

address-family ipvr vrf vln3yy
redistribute eigrp yy
no auto-summary
no synchroniztion
exit address-family



!!!2.6Implement IPv6 OSPFv3!!!
R1
ipv6 unicast-routing
ipv6 router ospf 1
router-id 1.1.1.1
area 0 range FC01:ABC:123::/64
no shut

int s0/1/0.231
ipv6 address FC01:ABC:123::/64
ipv6 ospf 1 area 0
interfce tun 0
no ip add
ipv6 address FC01:ABC:100::1/64
ipv6 ospf 1 area 0
runnel source lo 0
tunnel destination yy.yy.8.8


R3
ipv6 unicast-routing
ipv6 router ospf 1
router-id 3.3.3.3
ara 0 rage FC01:ABC:123::/64
no shut
int s0/0/0.254
ipv6 address FC01:ABC:123:A::/64 eeui-64
ipv6 ospf 1 area 0

int tun 0
ipv6 address FC01:ABC:200::1/64
ipv6 ospf 1 area 0
tunnel source lo 0
tunnel destination yy.yy.9.9



R5
ipv6 unicast-routing
ipv6 router ospf 1
rotuer-id 5.5.5.5
area 0 range FX01:ABC:123::/64
no shut

int fa0/1.52
ipv6 adress FC0t:ABC:123:B::/64 eui-64
ipv6 ospf 1 area 0

int fa0/1.53
ipv6 address FC01:ABC:123:C:Y/64 eui-64
ipv6 ospf 1 area 0


SW2
sdm prefer dual-ipv4-and-ipv6 default
ipv6 unicast-routing
ipv6 router ospf 1
router-id 8.8.8.
area 0 range FC01:ABC:123:B::/64 eui-64
ipv6 ospf 1 area 0
int tun 0
no ip add
ipv6 add FC01:ABC:100::2/64
ipv6 ospf 1 area 0
tunnel source lo 0
tunnel destinatino yy.yy.1.1


SW3
sdm preer dual-ipv4-and-ipv6 default
ipv6 unicast routing
ipvt router ospf 1
router-id 9.9.9.9
area 0 range FC01:ABC:123::/64
no shut

int vlan 53
ipv6 address FC01:ABC:123::/64 eui 64
                       ↑
?文字化けしてて数字がわからん
ipv6 ospf 1 area 0


int tun 0
no ip add
iv6 add FC01:ABC:200::2/64
ipv6 ospf 1 area 0
tunnel source lo 0
tunnel destination 19.19.3.3


R1
ip multicast-routing
int lo 0
ip pim spase-mode
ip igmp join-group 234.5.5.5
int s0/1/0.231
ip pim sparse-mode
int fa0/0
ip pim sparse-mode
ip pim send-rp announce lo 0 scope 16 group-list 10
ip pim sen-rp discovery lo 0 scope 16

access-list 10 permit host 234.5.5


R3
ip multicast-routing
int s0/0/0.233
ip pim spase-mode



!!!3.2 Help-Map!!!

R1
ip forward-protocol udp 3000
ip access-list extended UDP_3000
permit multicast helper-map 234.22.2 yy.yy.128.63 UDP_3000
int fa0/0
ip directed-broadcast

R3
ip forward-protocol udp 3000
ip access-list extendedudp_3000
permit udp yy.yy.128.32 0.0.0.31 any eq 3000

int fa0/1
ip pim sparse-mode
ip multicast helper-map
234.5.5.5 yy.yy.128.63 UDP_3000


!!!4.1 FTP_Access!!!
R5
username CISCO priviledge 5 password cisco
priviledge exec level 5 copy running-config startup-config
priviledge exec level 5 show clock
priviledge exec level 5 show ip int b
line vty 0 4
trsnaport input telnet
login local

!!!4.2 vlan-map!!!
SW2
access-list 101 permit ip any host yy.yy.128.194 eq telnet
acdcess-list 301 permit ip any host yy.yy.128.225 eq telent
access-list 101 permit ip any host yy.yy.5.5 eq telnet

vlan acess-map tel 15
match ip address 101
action drop

vlan access-map tel 20
action forward
vlan fillter tel vlan-list 230



!!!4.3 HSRP!!!
SW2
int vlan 42
standby 1 ip yy.yy.128.100
standby 1 prirority 100
standby 1 preempt

SW3
int fa0/0
standby 1 ip yy.yy.128.100
standby 1 priority  150
standby 1 perempt


!!!4.4 ntp!!!
R2
clock set 06:00:00 1 JAN 2000
ntp master 5
ntp authentivati-key 1 md5 cisco
ntp authenticate
ntp trusted-key 1
ntp source lo 0
ntp servver yy.yy.128.254

ntp up@date-calender
clock calender-valid

int fa0/1
ntp broadcast key 1

ntp authentication-key 1 md5 cisco
ntp authtenticate
ntp trusted-key 1
int vlan 23
ntp broadcast client


R1
ntp authentication-key 1 md5 cisco
ntp authenticate
ntp trusted-key 1
ntp server yy.yy.2.2 key 1 sourcw lo 0


!!!4.5 QoS CAR!!!
SW3
mls qos
ip access-list exrnded UDP_4000
permit udp yy.yy.0.0 0.0.0.31 any
class-map UDP_4000
match access-list  group-name UDP4000
policy-map RATE-LIMIT
class UDP 4000
police 2000000 62500 exceeded-action drop

int vlan 23
service-policy input RATE-LIMIT



!!!5.1 HTTP Access!!!
R3
ip http server
time-range HTTP
periodec weekdays 10:00to 2:00
ip access-list extended strict
permit tcp 150.2.19.0 0.0.0.255 any eq www time-range HTTP
permit ip any any
int fa 0/0
ip access-group strict in


!!!5.2 Router IP trafic Export!!!
R1
ip traffic-export profile Export
interface fa0/0
mac-adress 0010.0020.0030;
incomming sample one-in-every 50
icomming access-list 100

int s0/0
ip trafic-export apply Export
access-list 100 tcp any any eq telnet
access-list 100 permit tcp an eq telnet any


!!!5.3 IP Source Tracker!!!
R5
ip source-track address-limit 5
ip source-track syslog-interval 1
ip source-track 150.3.yy.201
ip source-track 150.3.yy.202
ip source-track 150.3.yy.203
ip source-track 150.3.yy.204
ip source-track 150.3.yy.205
投稿者 時刻:

0 件のコメント:

コメントを投稿

登録: コメントの投稿 (Atom)