Sunday, December 25, 2011

pppoe

topology
Cisco(PPPOEServer)-Yamaha(PPPOEClient)


PPPOEServer
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
ip cef
!
!
!
!
!
multilink bundle-name authenticated
!        
!        
!        
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
username cisco password 0 cisco
archive
 log config
  hidekeys
!        
!
!
!
!
!
!
bba-group pppoe test
 virtual-template 1
!
bba-group pppoe test[]
!
!
interface FastEthernet0/0
 no ip address
 duplex auto
 speed auto
 pppoe enable group test
!
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface Virtual-Template1
 mtu 1454
 ip address 200.200.200.1 255.255.255.0
 peer default ip address pool test1
 ppp authentication chap
!
ip local pool test1 200.200.200.2
ip forward-protocol nd
!
!
ip http server
no ip http secure-server
!
!
!
!
!
!
!
control-plane
!
!        
!
!
!
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
!
!
end
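
An added example, not part of the original post: a small Python check that flags the credential and management-plane lines in the server config above (cleartext `password 0`, a password equal to the username, `no service password-encryption`, `ip http server`). The rule names, the `pppoe-peer` account and both sample texts are constructed for illustration.

```python
import re

# Constructed sample: the security-relevant lines of the PPPoE server config.
SAMPLE_CONFIG = """\
no service password-encryption
username cisco password 0 cisco
interface Virtual-Template1
 ppp authentication chap
ip http server
no ip http secure-server
line vty 0 4
"""

# Constructed "after" sample. The PPP peer entry keeps `password` because CHAP
# needs a recoverable secret (a one-way `secret` hash cannot answer a challenge).
# `pppoe-peer` is a hypothetical account name; the type 7 string is a placeholder.
HARDENED_CONFIG = """\
service password-encryption
username pppoe-peer password 7 PLACEHOLDER7
interface Virtual-Template1
 ppp authentication chap
no ip http server
ip http secure-server
"""

USERNAME_RE = re.compile(
    r"^username\s+(\S+)\s+(?:privilege\s+\d+\s+)?"
    r"(password|secret)\s+(?:(\d)\s+)?(\S+)$"
)


def audit(config_text):
    """Return a list of (rule, line_number, detail) findings.

    line_number is 0 for findings about a setting that is absent.
    """
    findings = []
    password_encryption = False
    http_line = None
    https_enabled = False

    for number, raw in enumerate(config_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        if line == "service password-encryption":
            password_encryption = True
        elif line == "ip http server":
            http_line = number
        elif line == "ip http secure-server":
            https_enabled = True

        match = USERNAME_RE.match(line)
        if match:
            user, kind, enc_type, value = match.groups()
            # `password` with no type digit, or type 0, is stored as typed.
            if kind == "password" and enc_type in (None, "0"):
                findings.append(("CLEARTEXT_PASSWORD", number, user))
                if value.lower() == user.lower():
                    findings.append(("PASSWORD_EQUALS_USERNAME", number, user))

    if not password_encryption:
        findings.append(("NO_PASSWORD_ENCRYPTION", 0, ""))
    if http_line is not None:
        detail = "https also enabled" if https_enabled else "no https"
        findings.append(("HTTP_MGMT_ENABLED", http_line, detail))
    return findings


if __name__ == "__main__":
    for rule, number, detail in audit(SAMPLE_CONFIG):
        print(f"{rule:26} line {number:<3} {detail}")
```
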

















client
yamaha

# Memory 16Mbytes, 2LAN
ip lan1 address 10.10.10.10/24
pp select 1
pp always-on on
pppoe use lan2
pp auth accept chap
pp auth myname cisco cisco
ppp lcp mru on 1454
ppp ipcp ipaddress on
ppp ccp type none
ip pp address 200.200.200.2/24
ip pp mtu 1454
pp enable 1
ip route default gateway pp 1
#
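
An added example, not part of the original post: the CHAP exchange that `ppp authentication chap` on the Cisco side and `pp auth myname cisco cisco` on the Yamaha side agree on, written out per RFC 1994 (response = MD5 of identifier, shared secret and challenge). The function names, the fixed challenge bytes and the in-memory user table are assumptions for illustration; the hostname `Router` and the `cisco`/`cisco` pair come from the configs above.

```python
import hashlib
import hmac
import os
import struct

# RFC 1994 CHAP codes
CHALLENGE, RESPONSE, SUCCESS, FAILURE = 1, 2, 3, 4


def build(code, ident, value, name):
    """Encode a Challenge/Response packet: Code, Id, Length, Value-Size, Value, Name."""
    length = 5 + len(value) + len(name)
    return struct.pack("!BBHB", code, ident, length, len(value)) + value + name


def parse(packet):
    """Decode a Challenge/Response packet, rejecting inconsistent lengths."""
    if len(packet) < 5:
        raise ValueError("short CHAP packet")
    code, ident, length, value_size = struct.unpack("!BBHB", packet[:5])
    if length != len(packet) or 5 + value_size > length:
        raise ValueError("bad CHAP length fields")
    return code, ident, packet[5:5 + value_size], packet[5 + value_size:]


def chap_md5(ident, secret, challenge):
    """RFC 1994 section 4.1: MD5(Identifier || secret || Challenge value)."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()


def new_challenge(ident, authenticator_name, value=None):
    """Authenticator (the PPPoE server) sends a fresh random challenge."""
    value = os.urandom(16) if value is None else value
    return build(CHALLENGE, ident, value, authenticator_name)


def peer_respond(challenge_packet, my_name, secret):
    """Peer (the PPPoE client) answers; the secret itself never goes on the wire."""
    code, ident, value, _name = parse(challenge_packet)
    if code != CHALLENGE:
        raise ValueError("not a CHAP challenge")
    return build(RESPONSE, ident, chap_md5(ident, secret, value), my_name)


def authenticator_verify(challenge_packet, response_packet, user_table):
    """Return SUCCESS or FAILURE for a response to the challenge we issued."""
    c_code, c_id, c_value, _ = parse(challenge_packet)
    r_code, r_id, r_value, r_name = parse(response_packet)
    if c_code != CHALLENGE or r_code != RESPONSE or r_id != c_id:
        return FAILURE
    secret = user_table.get(r_name)
    if secret is None:
        return FAILURE
    expected = chap_md5(c_id, secret, c_value)
    return SUCCESS if hmac.compare_digest(expected, r_value) else FAILURE


if __name__ == "__main__":
    users = {b"cisco": b"cisco"}          # from: username cisco password 0 cisco
    challenge = new_challenge(1, b"Router")
    response = peer_respond(challenge, b"cisco", b"cisco")
    print("result code:", authenticator_verify(challenge, response, users))
```

Both the challenge and the response cross the link in clear, so the strength of the handshake rests entirely on the shared secret and on the challenge being fresh each time.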

Sunday, December 11, 2011

2+2

###########################################################

2+2

###########################################################




!!!1.1!!!
R1
int g0/1.11
no encapsulation dot1q 11 native
encaps dot1q 11
ip address yy.yy.0.97 255.255.255.224

SW3
no monitor session all
int fa0/10
switchport access vlan 33
int vlan 33
ip add 150.3.yy.1 255.255.255.0



!!!1.2!!!

SW1
interface fa0/2
switchport mode access
switchport access vlan 20

int fa 0/3
switchport mode access
switchport access vlan 20

int fa 0/4
switchport mode access
switchport access vlan 43

int fa0/5
switchport mode access
switchport access vlan 54

int vlan 12
ip add yy.yy.128.98 255.255.255.224
no shut


int vlan 51
ip add  yy.yy.0.129 255.255.255.224
no shut


int fa0/10
no switchport
ip add 150.1.yy.1 255.255.255.0



SW2
int fa0/2
switchport mode access
switchport access vlan 234

int fa0/3
switchport mode access
switchport access vlan 300

int fa0/4
switchport mode access
switchport access vlan 54


int fa0/5
switchport mode access
switchport access vlan 51

int vlan 42
ip add yy.yy.128.129 255.255.255.224
no shut

int vlan 243
ip add yy.yy.128.163 255.255.255.224
no shut

int fa 0/10
no switchport
ip add 150.2.yy.1 255.255.255.0
no shut



SW3
int fa0/10
switchport mode access
switchport access vlan 33

int vlan 243
ip add yy.yy.128.161 255.255.255.224
no shut

int vlan 234
ip add yy.yy.128.195 255.255.255.224
no shut

int vlan 33
ip add 150.3.yy.1 255.255.255.0
no shut



SW4
int vlan 243
ip add yy.yy.128.194 255.255.255.224
no shut




!!!1.3!!!
SW1
spanning-tree mode rapid-pvst
spanning-tree portfast bpduguard default
int range fa0/19 - 24
udld port aggressive

SW2
spanning-tree mode rapid-pvst
spanning-tree portfast bpduguard default
int range fa0/19 - 24
udld port aggressive

SW3
spanning-tree mode rapid-pvst
spanning-tree portfast bpduguard default
int range fa0/19 - 24
udld port aggressive

SW4
spanning-tree mode rapid-pvst
spanning-tree portfast bpduguard default
int range fa0/19 - 24
udld port aggressive


SW1
int range fa0/2 - 5
spanning-tree portfast

SW2
int range fa0/2 - 5
spanning-tree portfast

SW3
int range fa0/10
spanning-tree bpduguard disable




!!!1.4!!!
SW1
int range fa0/19 - 24
switchport trunk encapsulation dot1q
switchport mode trunk
switchport nonegotiate
no shut
exit


SW2
int range fa0/19 - 24
switchport trunk encapsulation dot1q
switchport mode trunk
switchport nonegotiate
no shut
exit



SW3
int range fa0/19 - 24
switchport trunk encapsulation dot1q
switchport mode trunk
switchport nonegotiate
no shut
exit



SW4
int range fa0/19 - 24
switchport trunk encapsulation dot1q
switchport mode trunk
switchport nonegotiate
no shut
exit



SW1
int range fa 0/19 - 20
channel-group 13 mode active
exit
int range fa 0/21 - 22
channel-group 14 mode active
exit
int range fa 0/23 - 24
channel-group 12 mode active
port-channel load-balance dst-ip


SW2
int range fa0/19 - 20
channel-group 24 mode active
exit

int range fa0/21 - 22
channel-group 23 mode active
int range fa0/23 - 24
channel-group 23 mode active
exit
port-channel load-balance dst-ip





SW3
int range fa0/19
channel-group 13 mode active
exit
int range fa 0/21 - 22
channel-group 23 mode active
exit
int range fa0/23 - 24
channel-group 24 mode active
exit
port-channel load-balance dst-ip


SW4
int range fa0/19 - 20
channel-group 24 mode active
exit
int range fa0/21 - 22
channel-group 14 mode active
exit
int range fa 0/23 - 24
channel-group 34 mode active
exit
port-channel load-balance dst-ip


SW2
int fa0/1
switchport trunk encapsulation dot1q
switchport mode trunk
switchport trunk allowed vlan 11,12
switchport nonegotiate
no shut
exit


R1
int fa0/1
no ip address
no shut
exit
int fa0/1.11
encapsulation dot1q 11
ip address yy.yy.0.65 255.255.255.224
no shut
exit
int fa0/1.12
encapsulation dot1q 12
ip add yy.yy.128.97 255.255.255.224
no shut
exit




!!!1.5!!!
SW3
no monitor session all
monitor session 1 source int fa0/1 - 8 , port-channel 13 both
monitor session 1 destination interface fa0/11
SW1
mac address-table aging-time 150 vlan 20



!!!1.7!!!
R5
frame-relay switching
int s0/0
encapsulation frame-relay
frame-relay lmi-type cisco
frame-relay intf-ty dce
clock rate 64000
frame-relay route 221 interface serial 0/1 223
no ip address
no shut
exit
int s0/1
encapsulation frame-relay
frame-relay lmi-type cisco
frame-relay intf-type dce
clock rate 64000
frame-relay route 223 interface serial 0/0 221
no ip address
no shut
exit

R1
interface serial 0/1
encapsulation frame-relay
no frame-relay inverse-arp
no arp frame-relay
no ip address
no shut
exit
int s0/1.221 point-to-point
no ip address
frame-relay interface-dlci 221 ppp virtual-template 1
exit
exit
interface multilink 1
ppp multilink
ppp multilink group 1
ip unnumbered lo 0
exit

interface virtual-template 1
ppp multilink
ppp multilink group 1
exit



R3
interface serial 0/0
encapsulation frame-relay
no frame-relay inverse-arp
no arp frame-relay
no ip address
no shut
exit
interface s0/0.223 point-to-point
frame-relay interface-dlci 223 ppp virtual-template 1
exit

interface multilink 1
ppp multilink
ppp multilink group 1
ip unnumbered lo 0
exit
interface virtual-template 1
ppp multilink
ppp multilink group 1
exit

R2
interface fa 0/0
ip address yy.yy.128.225 255.255.255.224
no shut
exit
interface fa0/1
ip add yy.yy.128.193 255.255.255.224
no shut
exit
interface serial 0/1
encapsulation ppp
ip unnumbered fa0/0
no shut
exit


R3
int fa0/0
ip add yy.yy.0.33 255.255.255.224
no shut
exit
int fa 0/1
ip add yy.yy.0.1 255.255.255.224
exit
int s0/1
encapsulation ppp
ip unnumbered fa 0/1
clockrate 64000
no shut
exit


R4
int fa0/0
ip add yy.yy.128.130 255.255.255.224
no shut
exit
int fa0/1
ip add yy.yy.254.2 255.255.255.0
no shut
exit


R5
int fa0/0
ip add yy.yy.254.1 255.255.255.0
no shut
exit
int fa0/1
ip add yy.yy.0.130 255.255.255.224
no shut
exit




!!!2.1!!!
SW1
ip routing
router ospf yy
router-id yy.yy.7.7
network yy.yy.7.7 0.0.0.0 area 0
network yy.yy.128.98 0.0.0.0 area 0
network yy.yy.0.129 0.0.0.0 area 52
redistribute connected subnets route-map bb1
default-information originate always
exit
route-map bb1 permit 10
match interface fa0/10

!!!K2!!!
default-information originate always metric-type 1 route-map moren
redistribute connected route-map bb1 metric-type 1
ip access-list standard moren
permit 150.1.1.0 0.0.0.255
route-map moren
match ip add moren
!!!K2!!!




R1
router ospf yy
router-id yy.yy.1.1
network yy.yy.1.1 0.0.0.0 area 0
network yy.yy.0.65 0.0.0.0 area 0
network yy.yy.128.97 0.0.0.0 area 0


R3
router ospf yy
router-id yy.yy.3.3
network yy.yy.3.3 0.0.0.0 area 0
network yy.yy.0.1 0.0.0.0 area 1
network yy.yy.0.33 0.0.0.0 area 1
exit

R2
router ospf yy
router-id yy.yy.2.2
network yy.yy.2.2 0.0.0.0 area 1
network yy.yy.128.225 0.0.0.0 area 1
network yy.yy.128.193 0.0.0.0 area 1
exit


SW3
ip routing
router ospf yy
router-id yy.yy.9.9
network yy.yy.9.9 0.0.0.0 area 1
network yy.yy.128.195 0.0.0.0 area 1
network yy.yy.128.161 0.0.0.0 area 1
exit

SW4
ip routing
router ospf yy
router-id yy.yy.10.10
network yy.yy.10.10 0.0.0.0 area 1
network yy.yy.128.194 0.0.0.0 area 1
network yy.yy.128.162 0.0.0.0 area 1
exit

SW2
ip routing
router ospf yy
router-id yy.yy.8.8
network yy.yy.8.8 0.0.0.0 area 1
network yy.yy.128.129 0.0.0.0 area 1
network yy.yy.128.163 0.0.0.0 area 1
redistribute connected route-map bb2
default-information originate always
exit
route-map bb2 permit 10
match interface fa0/10
exit

!!!K2!!!
default-information originate always metric-type 1 route-map moren
redistribute connected route-map bb2 metric-type 1
ip access-list standard moren
permit 150.2.1.0 0.0.0.255
route-map moren
match ip add moren
!!!K2!!!







!!!2.3!!!

R4
router eigrp yy
no auto-summary
network yy.yy.254.2 0.0.0.0
redistribute connected metric 10000 100 255 1 1500 route-map loopback
exit
route-map loopback permit 10
match int lo 0
exit
exit
!!!K2!!!
router eigrp yy
no auto-summary
network yy.yy.254.2 0.0.0.0
net yy.yy.4.4 0.0.0.0
!!!K2!!!



R5
router eigrp yy
no auto-summary
network yy.yy.254.1 0.0.0.0
redistribute connected metric 10000 100 255 1 1500 route-map loopback
exit
route-map loopback permit 10
match int lo 0
exit
exit
!!!K2!!!
router eigrp yy
no auto-summary
network yy.yy.254.1 0.0.0.0
net yy.yy.5.5 0.0.0.0
!!!K2!!!





SW3
router eigrp 100
no auto-summary
network 150.3.yy.1 0.0.0.0
eigrp stub receive-only
distribute-list route-map tag in vlan 33
exit
access-list 10 permit 0.0.0.0 127.255.255.255
route-map tag permit 10
match ip address 10
set tag 200
route-map tag permit 20
exit
router ospf yy
redistribute eigrp 100 subnets
summary-address 198.0.0.0 255.0.0.0
exit


!!!2.3!!!

R2
router bgp yy
no auto-summary
no synchronization
bgp router-id yy.yy.2.2
neighbor ibgp peer-group
neighbor ibgp remote-as yy
neighbor ibgp update-source lo 0
neighbor yy.yy.3.3 peer-group ibgp
neighbor yy.yy.7.7 peer-group ibgp
neighbor yy.yy.8.8 peer-group ibgp
neighbor yy.yy.8.8 weight 100
exit

R3
router bgp yy
no auto-summary
no synchronization
bgp router-id yy.yy.3.3
neighbor ibgp peer-group
neighbor ibgp remote-as yy
neighbor ibgp update-source lo 0
neighbor yy.yy.2.2 peer-group ibgp
neighbor yy.yy.7.7 peer-group ibgp
neighbor yy.yy.8.8 peer-group ibgp
neighbor yy.yy.7.7 weight 100

SW1
router bgp yy
no auto-summary
no synchronization
bgp router-id yy.yy.7.7
neighbor ibgp peer-group
neighbor ibgp remote-as yy
neighbor ibgp update-source lo 0
neighbor yy.yy.2.2 peer-group ibgp
neighbor yy.yy.3.3 peer-group ibgp
neighbor yy.yy.8.8 peer-group ibgp
neighbor 150.1.yy.254 remote-as 254




SW2
ip routing
router bgp yy
no auto-summary
no synchronization
bgp router-id yy.yy.8.8
neighbor ibgp peer-group
neighbor ibgp remote-as yy
neighbor ibgp update-source lo 0
neighbor yy.yy.2.2 peer-group ibgp
neighbor yy.yy.3.3 peer-group ibgp
neighbor yy.yy.7.7 peer-group ibgp
neighbor 150.2.yy.254 route-map as in
exit
route-map as permit 10
set as-path prepend 253
exit
exit


!!!2.4MPLS!!!
R4
ip cef
mpls label protocol ldp
mpls ldp router-id lo 0 force
int fa0/1
mpls ip
exit
ip vrf vpnyy
rd 100:1
route-target both 100:1
exit
interface fa0/0
ip vrf forwarding vpnyy
ip address yy.yy.128.130 255.255.255.224
exit
router bgp 100
no auto-summary
no synchronization
bgp router-id yy.yy.4.4
neighbor yy.yy.5.5 remote-as 100
neighbor yy.yy.5.5 update-source lo 0
address-family vpnv4
neighbor yy.yy.5.5 activate
neighbor yy.yy.5.5 send-community extended
exit
no bgp default ipv4-unicast
address-family ipv4 vrf vpnyy
redistribute ospf yy vrf vpnyy
exit
exit
router ospf yy vrf vpnyy
redistribute bgp 100 subnets
network yy.yy.128.130 0.0.0.0 area 1
exit



R5
ip cef
mpls label protocol ldp
mpls ldp router-id lo 0 force
int fa0/0
mpls ip
exit
ip vrf vpnyy
rd 100:1
route-target both 100:1
exit
int fa0/1
ip vrf forwarding vpnyy
ip add yy.yy.0.130 255.255.255.224
exit
router bgp 100
no auto-summary
no sync
bgp router-id yy.yy.5.5
neighbor yy.yy.4.4 remote-as 100
neighbor yy.yy.4.4 update-source lo 0
address-family vpnv4
neighbor yy.yy.4.4 activate
neighbor yy.yy.4.4 send-community extended
exit
no bgp default ipv4-unicast
address-family ipv4 vrf vpnyy
redistribute ospf yy vrf vpnyy
exit
exit
router ospf yy vrf vpnyy
router-id yy.yy.5.5
redistribute bgp 100 subnets
network yy.yy.0.130 0.0.0.0 area 51
area 51 virtual-link yy.yy.7.7
exit

SW1
router ospf yy
area 51 virtual-link yy.yy.5.5
exit






!!!2.5!!!
R3
int tun 35
tunnel source lo 0
tunnel destination yy.yy.0.130
ip unnumbered fa0/0
ip ospf yy area 1
exit





R5
int tun 35
tunnel source fa0/1
tunnel destination yy.yy.3.3
ip vrf forwarding vpnyy
ip unnumbered fa0/1
ip ospf yy area 1
tunnel vrf vpnyy
exit


R4
int lo 0
ip vrf forwarding vpnyy
ip address yy.yy.100.4 255.255.255.255

R5
int lo 1
ip vrf forwarding vpnyy
ip address yy.yy.100.5 255.255.255.255
exit



R4
router bgp 100
address-family ipv4 vrf vpnyy
network yy.yy.100.4 mask 255.255.255.255
exit
!!!K2!!!
address-family ipv4 vrf vpn1
redistribute ospf 1 vrf vpn1 match internal external
redistribute connected
default-information originate
!!!K2!!!



R5
router bgp 100
address-family ipv4 vrf vpnyy
network yy.yy.100.5 mask 255.255.255.255
exit
!!!K2!!!
address-family ipv4 vrf vpn1
redistribute ospf 1 vrf vpn1 match internal external
redistribute connected
default-information originate
!!!K2!!!



!!!K2+ only!!!
R4
router ospf yy vrf vpnyy
area 1 sham-link yy.yy.100.4 yy.yy.100.5
exit

R5
router ospf yy vrf vpnyy
area 1 sham-link yy.yy.100.5 yy.yy.100.4
exit
!!!K2+ only!!!


R2
ipv6 unicast-routing
int fa0/1
ipv6 address 20yy:1010:10::2/24
exit
int fa0/0
ipv6 address 20yy:1010:10::2/64

SW3
sdm prefer dual-ipv4-and-ipv6 routing
int vlan 33
ipv6 address 20yy:1010:222::9/64
exit
int vlan 234
ipv6 address 20yy:1010:10::9/64
exit


R2
ipv6 router rip cisco
exit
int fa0/0
ipv6 rip cisco enable
exit
int fa0/1
ipv6 rip cisco enable
exit





SW3
ipv6 router rip cisco
exit
int vlan 33
ipv6 rip cisco enable
exit
int vlan 234
ipv6 rip cisco enable
ipv6 rip cisco default-information originate metric 2
exit



!!!3.1!!!
SW2
ip multicast-routing
ip pim autorp listener
int vlan 243
ip igmp join-group 239.10.5.1
exit

SW3
ip multicast-routing
ip pim autorp listener
int lo 0
ip pim sparse-mode
exit
int vlan 243
ip pim sparse-mode
exit
access-list 10 permit 239.10.5.0 0.0.0.255
ip pim send-rp-announce lo 0 scope 16 group-list 10

SW4
ip multicast-routing
ip pim autorp listener
int lo 0
ip pim sparse-mode
exit
int vlan 234
ip pim sparse-mode


!!!3.2!!!
access-list 20 permit 239.10.5.1
int vlan 243
ip igmp access-group 20

SW3
access-list 20 permit 239.10.5.1
int vlan 243
ip igmp access-group 20
exit


SW4
access-list 20 permit 239.10.5.1
int vlan 243
ip igmp access-group 20




!!!K2 only!!!
###3.2IPV4 SSM##
SW234
ip pim ssm range 5
access-list 5 permit 232.20.10.1

R2
ip multicast-routing
ip pim ssm range 5
access-list 5 permit 232.20.10.1
inter e0/1
ip pim sparse-mode
int e0/0
ip pim sparse-mode
ip igmp ver 3
ip igmp v3lite
ip urd



!!!4.1!!!
LinkFragMentation


R1
map-class frame-relay FRTS
frame-relay cir 128000
frame-relay bc 8000
frame-relay be 1000
exit

int s0/1
bandwidth 128
frame-relay traffic-shaping
exit
int s0/1.221 point-to-point
bandwidth 128
frame-relay interface-dlci 221 ppp virtual-template 1
class FRTS
exit
exit
interface Virtual-template 1
bandwidth 128
exit
multilink bundle-name endpoint
int multilink 1
bandwidth 128
ppp multilink
ppp multilink fragment delay 8
ppp multilink interleave
ppp multilink endpoint hostname
exit




R3
map-class frame-relay FRTS
frame-relay cir 128000
frame-relay bc 8000
frame-relay be 1000
exit
int s0/0
bandwidth 128
frame-relay traffic-shaping
exit
int s0/0.223 point-to-point
bandwidth 128
frame-relay interface-dlci 223 ppp virtual-template 1
class FRTS
exit
exit
int virtual-template 1
bandwidth 128
ppp multilink endpoint hostname
exit



!!!K2 only!!!
###4.1LinkFragmentation##
###
R1
class-map voip
match ip precedence 5
match ip rtp 16384 16383

policy-map voip
class voip
priority percent 45
policy-map shape
class class-default
shape average 128000 8000 1000
service-policy voip
multilink bundle-name endpoint
int multilink 1
ip unnumbered lo 0
ppp multilink fragment delay 8
ppp multilink interleave
bandwidth 128
service-policy output shape
interface s0/0/0.13 point-to-point
frame-relay interface-dlci 231 ppp virtual-template 1
interface virtual-template 1
ppp multilink group 1

###
R3
class-map voip
match ip precedence 5
match ip rtp 16384 16383

policy-map voip
class voip
priority percent 45
policy-map shape
class class-default
shape average 128000 8000 1000
service-policy voip
multilink bundle-name endpoint
int multilink 1
ip unnumbered e0/0
ppp multilink fragment delay 8
ppp multilink interleave
bandwidth 128
service-policy output shape
interface s0/0/0.13 point-to-point
frame-relay interface-dlci 233 ppp virtual-template 1
interface virtual-template 1
ppp multilink group 1
###
!!!K2 only!!!





!!!4.2MQC!!!
R1
access-list 100 permit udp any any precedence critical
class-map match-all voip
match access-group 100
exit
policy-map voip
class voip
priority 45
exit
class class-default
fair-queue
exit
exit
interface multilink 1
service-policy output voip
exit


R3
access-list 100 permit udp any any precedence critical
class-map match-all voip
match access-group 100
exit
policy-map voip
class voip
priority 45
exit
class class-default
fair-queue
exit
exit
interface multilink 1
service-policy output voip
exit


!!!4.3NTP!!!
R5
clock set 8:00:00 1 JAN 2010
conf t
clock timezone HK +8
ntp master 5
ntp source fa0/1
ntp server yy.yy.254.254
ntp access-group peer 10
ntp access-group serve-only 20
ntp peer vrf vpnyy yy.yy.3.3 key 1
ntp peer vrf vpnyy yy.yy.8.8
ntp peer vrf vpnyy yy.yy.7.7
access-list 10 permit yy.yy.254.254
access-list 10 permit 127.127.7.1
access-list 20 permit yy.yy.3.3
access-list 20 permit yy.yy.7.7
access-list 20 permit yy.yy.8.8
ntp update-calendar
clock calendar-valid
ntp authenticate
ntp trusted-key 1
ntp authentication-key 1 md5 cisco

R3
clock timezone HK +8
ntp authenticate
ntp authentication-key 1 md5 cisco
ntp trusted-key 1
ntp server yy.yy.0.130 key 1 source lo 0
ntp update-calendar


SW2
clock timezone HK +8
ntp server yy.yy.0.130 source lo 0





!!!K2!!!
###4.2ntp###
R5
clock calendar-valid
ntp authentication-key 1 md5 cisco
ntp authenticate
ntp master 5
ntp source fa1/1
ntp access-group peer 1
ntp access-group serve-only 2
ntp update-calendar

ntp peer vrf vpn3 3.3.3.3 key 1
ntp peer vrf vpn3 3.3.8.8
ntp peer vrf vpn3 3.3.7.7
ntp server 3.3.254.254 source lo 0

access-list 2 permit 3.3.254.254
access-list 2 permit 127.127.7.1
access-list 1 permit 3.3.3.3
access-list 1 permit 3.3.7.7
access-list 1 permit 3.3.8.8
!!!K2!!!




R3
ntp authentication-key 1 md5 cisco
ntp authenticate
ntp trusted-key 1
ntp server 1.1.0.130 key 1 source lo 0

SW1 2
ntp server 1.1.0.130 source lo 0




!!!4.3 Rsvp !!!!!!!!
R1
interface lo 0
ip rsvp bandwidth 64 64
exit
interface multilink 1
ip rsvp bandwidth 64 64
exit
ip rsvp reservation-host yy.yy.1.1 yy.yy.3.3 tcp 23 10000 ff rate 10 1


R3
interface lo 0
ip rsvp bandwidth 64 64
exit
interface multilink 1
ip rsvp bandwidth 64 64
exit
ip rsvp sender-host yy.yy.1.1 yy.yy.3.3 tcp 23 10000 10 1


!!!4.4FirstHop redunndancy with Object Tracking!!!

SW3
track 10 ip route 0.0.0.0 0.0.0.0 reachability
interface vlan 234
standby 1 ip yy.yy.128.196
standby 1 preempt
standby 1 track 10
standby 2 ip yy.yy.128.222
standby 2 priority 105
standby 2 preempt
standby 2 track 10
exit


SW4
track 10 ip route 0.0.0.0 0.0.0.0 reachability
interface vlan 234
standby 1 ip yy.yy.128.196
standby 1 priority 105
standby 1 preempt
standby 1 track 10
standby 2 ip yy.yy.128.222
standby 2 track 10
exit




!!!MLS qos for Video!!!
SW4
mls qos
mls qos srr-queue output dscp-map queue 1 56
ip access-list extended 100
permit ip host yy.yy.128.98 yy.yy.0.64 0.0.0.31
exit
class-map match-all voip
match access-group 100
exit
mls qos map policed-dscp 5 to 8
policy-map policy
class voip
set ip dscp 56
police 300000 125000 exceed-action policed-dscp-transmit
exit
exit
interface 0.6
service-policy input policy
mls qos cos 1
exit
interface range fa0/19 - 24
mls qos trust dscp
mls qos cos 1
priority-queue out
exit



SW1
mls qos
mls qos srr-queue output dscp-map queue 1 56
interface range fa0/19 - 24
mls qos trust dscp
mls qos cos 1
priority-queue out
exit



!!!K2 only!!!
###4.4MHSRP###

SW3
int vlan 234
standby 1 ip 1.1.128.196
standby 1 preempt
standby 2 ip 1.1.128.222
standby 2 priority 105
standby 2 preempt
standby 2 track 10

rtr 10
type echo protocol ipIcmpEcho 12.12.128.163

rtr schedule 10 start-time now
track 10 rtr/ipsla 10

SW4
int vlan 234
standby 1 ip 1.1.128.196
standby 1 priority 105
standby 1 preempt
standby 1 track 10
standby 2 ip 1.1.128.222
standby 2 preempt
rtr 10
type echo protocol ipIcmpEcho 12.12.128.163
rtr schedule 10 start-time now


track 10 rtr/ipsla 10
!!!K2 only!!!




!!!5.1!!!


SW1
ip sla responder


SW2
mls qos
mls qos srr-queue output dscp-map queue 1 56
interface range fa0/19 - 24
mls qos trust dscp
mls qos cos 1
priority-queue out
int fa0/1
mls qos trust dscp
mls qos cos 1
priority-queue out
exit




!!!5.1 Ip Service Level Agreement!!!
SW1
ip sla responder

SW2
ip sla 1
tcp-connect yy.yy.7.7 23 source-ip yy.yy.8.8
frequency 180
exit
ip sla 2
icmp-echo yy.yy.3.3 source-ip yy.yy.8.8
frequency 180
exit
ip sla schedule 1 start-time now recurring
ip sla schedule 2 start-time now recurring


!!!5.2 SNMP !!!
R3
snmp-server community public RO
snmp-server community ciscoADMIN RW
snmp-server enable traps rsvp
snmp-server host yy.yy.128.226 public rsvp


SW2
snmp-server community public RO
snmp-server community ciscoADMIN RW
snmp-server user ciscoADMIN ciscoADMIN v1
snmp-server user ciscoADMIN ciscoADMIN v2c
snmp-server enable traps rtr
snmp-server host yy.yy.128.226 public rsvp



!!!5.2!!!
R3
snmp-server community public RO
snmp-server community ciscoADMIN RW
snmp-server enable traps rsvp
snmp-server host yy.yy.128.226 public rsvp

SW2
snmp-server community public RO
snmp-server community ciscoADMIN RW
snmp-server user ciscoADMIN ciscoADMIN v1
snmp-server user ciscoADMIN ciscoADMIN v2c
snmp-server enable traps rtr
snmp-server host yy.yy.128.226 public rtr
ip sla reaction-configuration 1 react rtt threshold-type immediate action-type trapOnly
ip sla reaction-configuration 2 react rtt threshold-type immediate action-type trapOnly









###5.2snmp###K2 only
snmp-server community public ro
snmp-server community ciscoADMIN rw
snmp-server enable traps rtr/ipsla
snmp-server host yy.yy.128.226 public
ip sla monitor reaction-configuration 1 react rtt threshold-value 40 2 0 threshold-type immediate action-type trapOnly


R3
snmp-server community public ro
snmp-server community ciscoADMIN rw
snmp-server host yy.yy.128.226 public
snmp-server enable traps ospf cisco-specific state-change shamlink
snmp-server enable traps ospf cisco-specific errors shamlink
snmp-server enable traps ospf cisco-specific retransmit shamlink



R2
service timestamps debug datetime msec localtime

logging count
logging buffered 100000 warnings
exception core-file rack12R2 compress
exception protocol ftp
exception dump 12.12.128.196
ip ftp username reload
ip ftp password cisco
ip ftp passive
###5.2snmp###K2 only




!!!5.3!!!
R2
logging on
service timestamps log datetime msec localtime
service timestamps debug datetime msec localtime
logging count
logging buffered 100000 warnings
ip ftp username reload
ip ftp password cisco
exception core-file RackyyR2 compress
exception protocol ftp
exception dump yy.yy.128.196

R4
ip access-list extended copp_acl_attack
10 permit udp any any eq 1434
20 permit udp any eq 1434 any
30 permit ip any any fragments
ip access-list extended copp_acl_bgp
10 permit tcp any eq bgp host 1.1.4.4
20 permit tcp any host 1.1.4.4 eq bgp

ip access-list extended copp_acl_ldp
10 permit tcp any host 1.1.4.4 eq 646
20 permit tcp any eq 646 host 1.1.4.4
30 permit udp any eq 646 host 224.0.0.2 eq 646
ip access-list extended copp_acl_mgmt
10 permit icmp any any
20 permit pim any any
ip access-list extended copp_acl_ospf

!!!5.4!!!

R4
mls qos
class-map match-all telnet
match access-group name copp_acl_telnet
class-map match-all attack
match access-group name copp_acl_attack
class-map match-all mgmt
match access-group name copp_acl_mgmt
class-map match-any class-default
match any

class-map match-any ldp_bgp_ospf_eigrp
match access-group name copp_acl_ldp
match access-group name copp_acl_bgp
match access-group name copp_acl_ospf
match access-group name copp_acl_eigrp
class-map match-all l2arp
match protocol arp
policy-map police
class attack
police rate 10 pps burst 2 packets
conform-action drop
exceed-action drop
class ldp_bgp_ospf_eigrp
class telnet
police rate 100 pps burst 24 packets
conform-action transmit
exceed-action transmit

Tuesday, December 6, 2011

134

!!!1.2 Trouble shoot Layer2Switching!!!
SW3-4
int fa0/24
no switchport access vlan 44
switchport trunk encapsulation dot1q

SW1-SW4
vtp domain CCIERoutingandSwitching
vtp pass cico


SW2
int s0/0/0no
no switchport backup int fa0/0

R1
int s0/0
ip add yy.yy.15.249 255.255.255.252
no peer neighbor-route

R3
int s0/1
ip add yy.yy.15.245 255.255.255.252
no peer neighbor-route

R5
int s0/0
ip add yy.yy.15.250 255.255.255.252
no peer neighbor-route

int s0/1
ip add yy.yy.15.246 255.255.255.252
no peer neighbor-route




!!!Implement the access-switch ports of switched network!!!

SW1
spanning-tree vlan 1-4094 priority 0
int fa0/3
switchport mode access
switchport access vlan 3
int fa0/4
switchport mode access
switchport access vlan 44
int fa0/5
switchport mode access
switchport access vlan 15
int fa0/10
switchport mode access
switchport access vlan 15

int vlan 11
ip add yy.yy.15.162 255.255.255.224
no shut
int vlan 13
ip add yy.yy.15.194 255.255.255.224
no shut


SW2
int fa0/1
switchport mode access
switchport access vlan 11

int fa0/3
switchport mode access
switchport access vlan 13

int fa0/4
switchport mode access
switchport access vlan 24

int fa0/5
switchport mode access
switchport access vlan 45

int fa0/10
switchport mode access
switchport access vlan 2
spanning-tree guard root

int vlan 22
ip add yy.yy.16.139 255.255.255.224
no shut

int vlan 2
ip add 150.2.yy.1 255.255.255.0
no shut



SW3
int fa0/10
switchport mode access
switchport access vlan 2
spanning-tree guard root



SW4
int vlan 44
ip add yy.yy.15.66 255.255.255.224
no shut
int vlan 45
ip add yy.yy.15.98 255.255.255.224
no shut


SW2
int fa0/2
switchport trunk encapsulation dot1q
switchport mode trunk
switchport nonegotiate
switchport trunk allowed vlan 22,24



R2
int fa0/1
no ip add
no shut
int fa 0/1.22
encapsulation dot1q 22
ip add yy.yy.15.129 255.255.255.224
int fa0/1.24
encapsulation dot1q 24
ip add yy.yy.15.34 255.255.255.224


SW1
spanning-tree portfast default
spanning-tree portfast bpdufilter default


SW2
spanning-tree portfast default
spanning-tree portfast bpdufilter default

SW3
spanning-tree portfast default
spanning-tree portfast bpdufilter default


SW4
spanning-tree portfast default
spanning-tree portfast bpdufilter default



!!!Implement frame relay!!!
R4
frame-relay switching
int s0/0
encapsulation frame-relay ietf
frame-relay intf-ty dce
clockrate 64000
frame-relay lmi-type ansi
frame-relay route 100 interface serial 0/1 200
no ip add
no shut
exit
int s0/1
encapsulation frame-relay ietf
clockrate 64000
frame-relay lmi-ty ansi
frame-relay route 200 interface s 0/0 100
no ip add
end

R1
int s0/0
encapsulation frame-relay ietf
no frame-relay inverse-arp
no arp frame-relay
no ip add
no shut
exit
int s0/0.100 point-to-point
ip add yy.yy.15.242 255.255.255.252
no shut
frame-relay interface-dlci 100 ietf
end


R2
int s0/0
encapsulation frame-relay ietf
no frame-relay inverse-arp
no arp frame-relay
no ip add
no shut
exit
int s0/0.200 point-to-point
ip add yy.yy.15.241 255.255.255.252
no shut
frame-relay interface-dlci 200 ietf
end





!!!Traffic control protection from the backbones!!!

SW1
int fa0/10
storm-control broadcast level 50

SW2
interface fa0/10
storm-control broadcast level 50


SW3
interface fa0/10
storm-control broadcast level 50


R1
interface fa0/1
ip add yy.yy.15.161 255.255.255.224
no shut
exit

int s0/1
bandwidth 128
encapsulation ppp
no peer neighbor-route
ip add yy.yy.15.249 255.255.255.252
no shut
end



R3
int fa0/1
ip add yy.yy.15.193 255.255.255.224
no shut
exit

int fa0/0
ip add 150.3.yy.1 255.255.255.0
no shut
int s0/0
encapsulation ppp
no peer neighbor-route
ip add yy.yy.15.245 255.255.255.252
no shut
end


R4
int fa0/1
ip add yy.yy.15.33 255.255.255.224
no shut
exit


R5
int fa0/1
ip add yy.yy.15.97 255.255.255.224
no shut
exit
int fa0/0
ip add 150.1.yy.1 255.255.255.0
no shut
exit
int s0/0
bandwidth 128
encapsulation ppp
no peer neighbor-route
ip add yy.yy.15.250 255.255.255.252
no shut
exit
int s0/1
encapsulation ppp
no peer neighbor-route
ip add yy.yy.15.246 255.255.255.252
no shut
end








!!!K3 only!!!
・Configure VLANs on the access switch ports as per the VLAN tables
・Also include the ports to BB1, BB2 and BB3
・The trunk between SW2 fa0/2 and R2 fa0/1 should be configured
・On the access switch ports, avoid transmitting BPDUs; when a BPDU is received on any of these ports, the port should transition back through the listening, learning and forwarding process.
・On the routers, including the trunk configuration, add any special Layer 2 commands that are required
・Ensure that these access switch ports bypass the listening and learning states and enter the spanning-tree forwarding state immediately.
!!!!!!!!!!!!!Solution!!!!!!!!!!!!!!!!!!!:
SW1:
Interface fa0/3
Swi acc vlan 5
Swi mode acc
!
Int fa0/4
Swi acc vlan 46
Swi mode acc
!
Int fa0/5
Swi acc vlan 17
!
Int fa0/10
Swi acc vlan 17
!
Int vlan 13
Ip add YY.YY.13.157 255.255.255.224
No shut
!
Int vlan 15
Ip add YY.YY.13.189 255.255.255.224
No shut

SW4 and SW4
Spanning-tree portfast default
Spanning-tree portfast bpduguard default
Errdisable recovery cause bpduguard
Errdisable recovery interval 300
Note: the default timeout interval is 300 seconds and, by default, the timeout is disabled.

SW2
Int fa0/1
Swi acc vlan 13
Swi mode acc
!
Int fa0/2
Swi tru encap dot1q
Swi tru all vlan 22,24
Swi mode trunk
!
Int fa0/3
Swi acc vlan 15
Swi mode acc
!
Int fa0/4
Swi acc vlan 26
Swi mod acc
!
Int  fa0/5
Swi acc vlan 47
Swi mode acc
!
Int fa0/10
Swi acc vlan 4
Swi mode acc
!
Int vlan 4
Ip add 150.2.YY.1 255.255.255.0
!
Int vlan 24
Ip add YY.YY.13.125 255.255.255.224
No shut

SW3
Int fa0/10
Swi acc vlan 5
Swi mode acc

SW4
Int vlan 46
Ip add YY.YY.13.61 255.255.255.224
No shut
!
Int vlan 47
Ip add YY.YY.13.93 255.255.255.224
No shut

R2
Int fa0/1
No shut
!
Int fa0/1.24
Encap dot1q 24
Ip add YY.YY.13.124 255.255.255.224
!
Int fa0/1.26
Encap dot1q 26
Ip add YY.YY.13.29 255.255.255.224

R3
Int fa0/0
Ip add 150.3.YY.1 255.255.255.0
No shut

R5
Int fa0/0
Ip add 150.1.YY.1 255.255.255.0
No shut

2.4 Frame Relay Configuration
Configure R1 and R2 for Frame Relay, with R4 as the Frame Relay switch. Use LMI auto-sensing on R1 and R2 and ANSI LMI on the Frame Relay switch, and avoid any static or inverse-ARP frame-relay maps. For encapsulation use RFC1490/RFC2427 (IETF encapsulation).

Frame Relay DLCI details
・R1 Frame Relay interface 101
・R2 Frame Relay interface 201
!!!!!!!!!!!!!Solution!!!!!!!!!!!!!!!!!!!:
R1
Interface s0/0/0
Encap frame-relay ietf
No frame-relay inverse-arp
No shut
Ip add YY.YY.13.127 255.255.255.252
Frame-relay map ip YY.YY.13.236 100 broadcast
Frame-relay map ip YY.YY.15.242 100
Clockrate 256000
No shut
!
Int s0/0/0.101 point-to-point
Ip address YY.YY.13.237 255.255.255.252
!
R2
Int s0/0/0
Encap frame-relay ietf
No frame-relay inverse-arp
No shut
!
Interface serial 0/0/0.201 point-to-point
Ip add YY.YY.13.236 255.255.255.252

R4
Frame-relay switching
!
Interface s0/0/0
Encap frame-relay
Clock rate 256000
Frame-relay lmi-type ansi
Frame-relay intf-type dce
Frame-relay route 101 interface serial 0/1/0 201
No shut
!
Int s0/0/1
Encap frame-relay
Clock rate 256000
Frame-relay lmi-type ansi
Frame-relay intf-type dce
Frame-relay route 201 interface serial0/0/0 101
No shut
!!!K3 only!!!

!!!trunking manipulations!!!
K1 3,11,13,15,44,45
K3 5,13,15,46,47



SW1
vlan dot1q tag native
interface range fa0/19 - 24
switchport mode trunk
switchport nonegotiate
switchport trunk allowed vlan 2,3,11,13,15,22,24,44,45

SW2
vlan dot1q tag native
interface range fa0/19 - 24
switchport mode trunk
switchport nonegotiate
switchport trunk allowed vlan 2,3,11,13,15,22,24,44,45


SW3
vlan dot1q tag native
interface range fa0/19 - 24
switchport mode trunk
switchport nonegotiate
switchport trunk allowed vlan 2,3,11,13,15,22,24,44,45



SW4
vlan dot1q tag native
interface range fa0/19 - 24
switchport mode trunk
switchport nonegotiate
switchport trunk allowed vlan 2,3,11,13,15,22,24,44,45


!!!2.1 Implement ipv4 ospf!!!
R1
router ospf yy
net yy.yy.1.1 0.0.0.0 area 0
net yy.yy.15.242 0.0.0.0 area 2
net yy.yy.15.161 0.0.0.0 area 0


R2
router ospf yy
net yy.yy.2.2 0.0.0.0 area 0
net yy.yy.15.242 0.0.0.0 area 2
net yy.yy.15.161 0.0.0.0 area 0

R3
router ospf yy
net yy.yy.3.3 0.0.0.0 area 2
net yy.yy.15.193 0.0.0.0 area 0

SW1
ip routing
router ospf yy
net yy.yy.7.7 0.0.0.0 area 0
net yy.yy.15.194 0.0.0.0 area 0
net yy.yy.7.7 0.0.0.0 area 0


SW2
ip routing
router ospf yy
net yy.yy.15.130 0.0.0.0 area 2
net yy.yy.8.8 0.0.0.0 area 2


R1
router ospf yy
area 2 nssa default-information-originate

R2

router ospf yy
area 2 nssa

SW2
router ospf yy
area 2 nssa


R1
interface s0/0.100 point-to-point
ip ospf network broadcast
ip ospf dead-interval minimal hello-multiplier 20


R2
interface s0/0.200 point-to-point
ip ospf network broadcast
ip ospf dead-interval minimal hello-multiplier 20
※ For K1 and K3, use hello-multiplier 5




!!!2.2 Implement ipv4 eigrp!!!
※ For K1 and K3: auto-summary → no auto-summary

R1
router eigrp yy
auto-summary
network yy.yy.15.249 0.0.0.0

R3
router eigrp yy
auto-summary
net yy.yy.15.245 0.0.0.0


R5
router eigrp yy
auto-summary
network yy.yy.5.5 0.0.0.0
network yy.yy.15.97 0.0.0.0
net yy.yy.15.246 0.0.0.0
net yy.yy.15.250 0.0.0.0

SW4
ip routing
router eigrp yy
net yy.yy.10.10 0.0.0.0
net yy.yy.15.98 0.0.0.0


R3
router ospf yy
redistribute eigrp 100 subnets
※ For K3 and K1, add metric-type 1

R3
router eigrp 100
auto-summary
net 150.3.yy.1 0.0.0.0

R3
router eigrp yy
redistribute eigrp 100 metric 10000 100 255 1 1500

int s0/0
ip summary-address eigrp yy 198.2.0.0 255.255.248.0

R1
※ For K3, add the following
permit ip host 198.2.2.0 host 255.255.255.0
permit ip host 198.2.2.0 host 255.255.255.0

ip access-list extended 100
permit ip host 4.1.1.0 host 255.255.255.0
permit ip host 128.28.2.0 host 255.255.255.0
permit ip host 198.1.1.4 host 255.255.255.252
permit ip host 198.2.1.0 host 255.255.255.0
permit ip host 198.2.3.0 host 255.255.255.0
permit ip host 198.2.5.0 host 255.255.255.0
permit ip host 198.2.0.0 host 255.255.255.0
permit ip host 150.3.yy.0 host 255.255.255.0
route-map filter deny 10
match ip add 100
route-map filter permit 20

router ospf yy
redistribute eigrp yy subnets route-map filter
※ For K1 and K3, add metric-type 1
router eigrp yy
redistribute eigrp yy subnets route-map filter
router eigrp yy
redistribute ospf yy metric 10000 100 255 1 1500 route-map filter


!!!2.3 Implement Rip Version 2!!!
※ For K1 and K3: auto-summary → no auto-summary

R2
router rip
ver 2
auto-summary
passive-interface default
neighbor yy.yy.15.33
network yy.0.0.0
exit

int fa0/1.24
ip rip receive ver 2
auto-summary
passive-interface default
neighbor yy.yy.15.34
neighbor yy.yy.15.66
network yy.0.0.0
exit

int fa 0/0
ip rip receive ver 2
int fa0/1
ip rip receive ver 2


SW4
router rip
ver
auto-summary
passive-interface default
nei yy.yy.5.5
net yy.0.0.0
exit

int vlan 44
ip rip receive ver 2


R2
router ospf yy
redistribute rip subnets
router rip
redistribute ospf yy metric

※※※※※※※K1 and K3※※※※※※※
Router rip
Redistribute ospf 11 metric 3 route-map filter
Ip prefix-list nssa per 0.0.0.0/0
Route-map filter deny 10
Match ip add prefix-list nssa
Route-map filter per 20
Access-list 10 deny 11.11.2.2
Access-list 10 permit any
※※※※※※※K1 and K3※※※※※※※




SW4
router rip
redistribute eigrp yy metric 2
router eigrp yy
redistribute rip metric 10000 100 255 1 1500

※※※※※※※K1 and K3※※※※※※※
Router eigrp 11
Redistribute rip metric 10000 100 255 1 1500 route-map perrip
Ip prefix-list rip per 11.11.2.2/32
Ip prefix-list rip per 11.11.4.4/32
Ip prefix-list rip per 11.11.15.32/27
Ip prefix-list rip per 11.11.15.64/27
Route-map perrip permit 10
Match ip add prefix rip
※※※※※※※K1 and K3※※※※※※※




R2
router ospf yy
distance 125 yy.yy.1.1 0.0.0.0 1
exit
access-list 1 permit yy.yy.4.4
access-list 1 permit yy.yy.10.10
access-list 1 permit yy.yy.15.64

router rip
offset-list 2 out 3 fa 0/1.24
access-list 2 deny yy.yy.2.2
access-list 2 permit any




SW4
router rip
distance 175 yy.yy.15.65 0.0.0.0 1
access-list 1 deny yy.yy.2.2
access-list 1 deny yy.yy.4.4
access-list 1 deny yy.yy.15.32
access-list 1 permit any
※※※※※※※K4 only※※※※※※※
access-list 2 deny 0.0.0.0
access-list 2 permit any
router rip
distribute-list 2 in vlan 44
※※※※※※※K4 only※※※※※※※


SW4
※※※※※※※K4 only※※※※※※※
router eigrp 30
redistribute rip metric 10000 100 255 1 1500 route-map deny_default
access-list 1 per 0.0.0.0
route-map deny_default deny 10
match ip add 1
route-map deny_default per 20
※※※※※※※K4 only※※※※※※※



R2
※※※※※※※K4 only※※※※※※※
router rip
distribute-list 1 in fastethernet0/1.24
access-list 11 deny 150.1.0.0
access-list 11 deny 150.3.0.0
access-list 11 deny 1.0.0.0
access-list 11 deny 128.28.0.0
access-list 11 deny 198.1.1.0
access-list 11 deny 150.2.0.0
access-list 11 permit any
※※※※※※※K4 only※※※※※※※



!!!2.4 Implement IPV6!!!
R4
ipv6 unicast-routing
interface fa0/1
ipv6 address fc01:db8:74:9::/64 eui-64

R2
ipv6 unicast-routing
int fa0/1.24
ipv6 address fc01:db8:74:9::/64 eui-64
interface s0/0.12
ipv6 add fc01:db8:74:a::/64 eui-64

R1
ipv6 unicast-routing
interface serial0/0.12
ipv6 address fc01:db8:74:a::/64 eui-64
interface fa0/1
ipv6 address fc01:db8:74:b::/64 eui-64


SW1
sdm prefer dual-ipv4-and-ipv6 routing
ipv6 unicast-routing
interface vlan 11
ipv6 address fc01:db8:74:b::/64 eui-64




R4
ipv6 router ospf yy
router-id yy.yy.4.4
interface fa0/1
ipv6 ospf yy area 0


R2
ipv6 router ospf yy
router-id yy.yy.2.2
interface fa0/1.24
ipv6 ospf yy area 0
interface s0/0.12
ipv6 ospf yy area 1


R1
ipv6 router ospf yy
router-id yy.yy.1.1
interface s0/0.12
ipv6 ospf yy area 1
interface fa0/1
ipv6 ospf yy area 1

SW1
ipv6 router ospf yy
router-id yy.yy.7.7
interface vlan 11
ipv6 ospf yy area 1


!!!Implement IPV4 BGP!!!
R1
router bgp yy1
bgp router-id yy.yy.1.1
bgp confederation identifier yy
bgp confederation peers yy2
neighbor ibgp peer-group
neighbor ibgp remote-as yy1
neighbor ibgp update-source lo 0
neighbor yy.yy.3.3 peer-group ibgp
neighbor yy.yy.5.5 peer-group ibgp
neighbor yy.yy.10.10 peer-group ibgp
neighbor yy.yy.2.2 remote-as yy2
neighbor yy.yy.2.2 ebgp-multihop 255
neighbor yy.yy.2.2 update-source lo 0




R3
router bgp yy1
bgp router-id yy.yy.3.3
bgp confederation identifier yy
neighbor ibgp peer-group
neighbor ibgp remote-as yy1
neighbor ibgp update-source lo 0
neighbor yy.yy.1.1 peer-group ibgp
neighbor yy.yy.5.5 peer-group ibgp
neighbor yy.yy.10.10 peer-group ibgp



R5
router bgp yy
bgp router-id yy.yy.5.5
bgp confederation identifier yy
neighbor ibgp peer-group
neighbor ibgp remote-as yy1
neighbor ibgp update-source lo 0
neighbor yy.yy.1.1 peer-group ibgp
neighbor yy.yy.3.3 peer-group ibgp
neighbor yy.yy.10.10 peer-group ibgp
neighbor 150.1.yy.254 remote-as 254
access-list 1 permit 197.68.20.0 0.0.3.255
route-map local-pre permit 10
match ip add 1
set local-preference 200
exit
route-map local-pre permit 20


SW4
router bgp yy1
bgp router-id yy.yy.10.10
bgp confederation identifier yy
bgp confederation peers yy2
neighbor ibgp peer-group
neighbor ibgp remote-as yy1
neighbor ibgp update-source lo 0
neighbor yy.yy.3.3 peer-group ibgp
neighbor yy.yy.1.1 peer-group ibgp
neighbor yy.yy.5.5 peer-group ibgp
neighbor yy.yy.2.2 remote-as yy2
neighbor yy.yy.2.2 ebgp-multihop 255
neighbor yy.yy.2.2 update-source lo 0



R2
router bgp yy2
bgp router-id yy.yy.2.2
bgp confederation identifier yy
bgp confederation peers yy1
neighbor yy.yy.2.2 remote-as yy1
neighbor yy.yy.2.2 update-source lo 0



R2
router bgp yy2
bgp confederation identifier yy
bgp confederation peers yy2
neighbor ibgp peer-group
neighbor ibgp remote-as  yy1
nei ibgp update-source lo 0
neighbor yy.yy.1.1 peer-g ibgp
nei yy.yy.3.3 peer-g ibgp
nei yy.yy.5.5 peer-g ibgp
nei yy.yy.2.2 remote-as yy2
nei yy.yy.2.2 update-source lo0


R2
router bgp 2
bgp router-id yy.yy.2.2
bgp confederation identifier yy
bgp confederation peers yy1
neighbor yy.yy.1.1 remote-as yy1
neighbor yy.yy.1.1 ebgp-multihop 255
neighbor yy.yy.1.1 update-source lo 0
neighbor yy.yy.10.10 remote-as yy1
neighbor yy.yy.10.10 ebgp-multihop 255
neighbor yy.yy.10.10 update-source lo 0
neighbor yy.yy.8.8 remote-as yy2
neighbor yy.yy.8.8 update-source lo 0


SW2
router bgp yy2
bgp router-id yy.yy.8.8
bgp confederation identifier yy
neighbor yy.yy.2.2 remote-as yy2
neighbor yy.yy.2.2 update-source lo 0
nei 150.2.yy.254 remote-as 254



R5
route-map connbb1 permit 10
match interface fa0/0
exit

router eigrp yy
redistribute connected route-map connbb1 metric 10000 100 255 1 1500

route-map connbb2 permit 10
match interface vlan 2
exit
router ospf yy
redistribute connected subnets route-map connbb2




R3
access-list 1 permit 150.1.yy.0
access-list 1 permit 150.2.yy.0
router ospf yy
distance 175 yy.yy.1.1 0.0.0.0 1









※※※※※※※K1 and K3※※※※※※※
3.5 Implement IPV4 BGP
Refer to the BGP routing diagram and configure BGP with these parameters:
Configure two confederations: R1, R3, R5 and SW4 (ASYY1), and R2 and SW2 (ASYY2).
The confederation peers should neighbor between R1 and R2 and between SW4 and R2.

EBGP: SW2 EBGP peers with the router 150.2.YY.254 on backbone 2 in AS 254. This router advertises five routes with format 197.68.x.0/24 and AS path 254.
EBGP: R5 EBGP peers with the router 150.2.YY.254 on backbone 1 in AS 254. This router advertises five routes with format 197.68.x.0/24 and AS path 253.

The BGP devices should all prefer the path through R5 (150.1.YY.254) for networks 197.68.21.0/24 and 197.68.22.0/24. The (IBGP) devices should all prefer the path through SW2 (150.2.YY.254) for networks 197.68.1.0/24 and 197.68.5.0/24. These manipulations should be accomplished on only one router, using route-maps that refer to a single access-list.
Configure only the loopback0 IP address to propagate BGP route information.

!!!!!!!!!!!!!Solution!!!!!!!!!!!!!!!!!!!:
R1
Router bgp 111
Bgp router-id 11.11.1.1
Bgp log-neighbor-changes
Bgp confederation identifier 11
Bgp confederation peers 112
Neighbor 11.11.2.2 remote-as 112
Neighbor 11.11.2.2 update-source Lo0
Neighbor 11.11.11.11 remote-as 52
Neighbor 11.11.1.1 ebgp-multihop 255
Neighbor 11.11.11.11 remote-as 111
Neighbor 11.11.11.11 update-source Lo0
No auto-summary
R3
Router bgp 11
No synchronization
Bgp router-id 11.11.3.3
Neighbor 11.11.1.1 remote-as 111
Neighbor 11.11.1.1 update-source Lo0
No auto-summary

SW4
Router bgp 11
Bgp confederation peers 112
Bgp confederation identifier 11
Bgp router-id 11.11.10.10
Neighbor 11.11.2.2 remote-as 112
Neighbor 11.11.2.2 ebgp-multihop 10
Neighbor 11.11.11.11 update-source Lo0
No auto-summary

R5:
Router bgp 11
No synch
Bgp router-id 11.11.11.11
Bgp log-neighbor-changes
Bgp confederation identifier 11
Neighbor ibgp peer-group
Neighbor ibgp remote-as 111
Neighbor ibgp update-source loopback0
Neighbor as 52 route-reflector-client
Neighbor as 52 next-hop-self
Neighbor 11.11.1.1 peer-group ibgp
Neighbor 11.11.3.3 peer-group ibgp
Neighbor 11.11.10.10 peer-group ibgp
Neighbor 150.1.11.254 remote-as 254
Neighbor 150.1.11.254 route-map loc in
No auto-summary

Ip access-list extra 127
Access-list 5 permit 197.68.21.0 0.0.0.255
Access-list 5 permit 197.68.22.0 0.0.0.255

Route-map loc permit 10
Match ip address 127
Set local-preference 200

SW2:
Router bgp 112
No sync
Bgp router-id 11.11.8.8
Bgp confederation identifier 11
Neighbor 11.11.2.2 remote-as 112
Neighbor 11.11.2.2 update-source loopback0
Neighbor 11.11.2.2 next-hop-self
Neighbor 150.2.5.254 remote-as 254
No auto-summary

R2
Router bgp 112
No sync
Bgp router-id 11.11.2.2
Bgp log-neighbor-changes
Bgp confederation identifier 11
Bgp confederation peers 111
Neighbor ebgp peer-group
Neighbor ebgp remote-as 111
Neighbor ebgp update-source Lo0
Neighbor 11.11.2.2 ebgp-multihop 10
Neighbor 11.11.10.10 peer-group ebgp
Neighbor 11.11.8.8 remote-as 112
Neighbor ebgp update-source Lo0


※※※※※※※K1 and K3※※※※※※※








!!!Implement PIM sparse mode for IPV6!!!
R4
ipv6 cef
ipv6 multicast-routing
R2
ipv6 cef
ipv6 multicast-routing

R1
ipv6 cef
ipv6 multicast-routing



R4
ipv6 access-list mul
permit ipv6 host ff08::4000:4000 any
ipv6 pim rp-address FC01:DB8:74:9:C203:4FF:FEC0:1 mul


R2
ipv6 access-list mul
permit ipv6 host ff08::4000:4000 any
ipv6 pim rp-address FC01:DB8:74:9:C203:4FF:FEC0:1 mul

R1
ipv6 access-list mul
permit ipv6 host ff08::4000:4000 any
ipv6 pim rp-address FC01:DB8:74:9:C203:4FF:FEC0:1 mul



!!!3.2 Multicast joins!!!
R2
interface s0/1.12
ipv6 mld join-group FF08::4000:4000

or

R1
interface s0/0/0.12
ipv6 mld join-group FF08::4000:4000


!!!4.1 secure Http Access!!!
R5
aaa new-model
aaa authentication login default line none
aaa authentication login HTTP local-case
aaa authorization exec HTTP local
no ip http server
ip http secure-server
ip http authentication aaa login-authentication HTTP
ip http authentication aaa exec-authorization HTTP
username cisco privilege 1 password cisco
username ADMIN privilege 15 password CISCO
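
An added check, not part of the original notes: a small Python audit of the 4.1 settings that confirms cleartext HTTP is off, HTTPS is on, and every AAA list the HTTP server references is actually defined. The two sample configs and the function name `audit_http_aaa` are constructed for this example.

```python
import re

# Constructed sample mirroring the 4.1 solution above.
SECTION_41 = """\
aaa new-model
aaa authentication login default line none
aaa authentication login HTTP local-case
aaa authorization exec HTTP local
no ip http server
ip http secure-server
ip http authentication aaa login-authentication HTTP
ip http authentication aaa exec-authorization HTTP
username cisco privilege 1 password cisco
username ADMIN privilege 15 password CISCO
"""

# Constructed weak sample: cleartext HTTP on, HTTPS off, undefined AAA list.
WEAK = """\
aaa new-model
aaa authentication login HTTP local-case
ip http server
no ip http secure-server
ip http authentication aaa login-authentication WEB
username cisco secret 5 $1$constructed$hash
"""

def audit_http_aaa(config):
    """Return a list of findings for the HTTP/AAA lines of an IOS config."""
    lines = [ln.strip() for ln in config.splitlines() if ln.strip()]
    findings = []
    if "aaa new-model" not in lines:
        findings.append("aaa new-model missing")
    if "ip http server" in lines:
        findings.append("cleartext HTTP server enabled")
    if "ip http secure-server" not in lines:
        findings.append("HTTPS server not enabled")
    # AAA method lists that are actually defined (names are case-sensitive).
    defined = {"login-authentication": set(), "exec-authorization": set()}
    for ln in lines:
        if m := re.match(r"aaa authentication login (\S+) ", ln):
            defined["login-authentication"].add(m.group(1))
        elif m := re.match(r"aaa authorization exec (\S+) ", ln):
            defined["exec-authorization"].add(m.group(1))
    used = set()
    for ln in lines:
        if m := re.match(r"ip http authentication aaa (\S+) (\S+)$", ln):
            used.add(m.group(1))
            if m.group(2) not in defined.get(m.group(1), set()):
                findings.append(f"{m.group(1)} list {m.group(2)} is not defined")
        elif m := re.match(r"username (\S+) .*\bpassword\b", ln):
            findings.append(f"username {m.group(1)} uses password, not secret")
    for kind in sorted(set(defined) - used):
        findings.append(f"HTTP {kind} not bound to an AAA list")
    return findings
```

Run against the 4.1 lines, the only findings are the two local users stored with `password` rather than a hashed `secret`.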



!!!4.2 secure the wan ppp links!!!

R5
aaa authentication ppp R1 group radius local-case
aaa authentication ppp R3 group tacacs+ local-case
radius-server host 198.2.5.128 key cisco
username RACKYYR1 password cisco
username BACKUP password CISCO
int s0/0
ppp authentication chap R1
interface s0/1
ppp authentication chap R3


R1
interface s0/1
ppp chap hostname RACKYYR1
ppp chap password cisco


R3
int s0/0
ppp chap hostname BACKUP
ppp chap password CISCO




!!!4.3 MQC-Based Frame-relay traffic shaping!!!

R2
class-map voip
match ip dscp ef

class-map match-any data
match ip dscp af11
match ip dscp af21

policy-map cisco
class voip
priority percent 40
exit
class data
bandwidth percent 35
policy-map mqc
class class-default
fair-queue
shape average 64000
shape adaptive 32000

service-policy cisco
map-class frame-relay FRTS
service-policy output mqc

interface serial 0/0.200
frame-relay interface-dlci 200
class FRTS



!!!4.4 AutoQOS over PPP!!!
R1
interface s0/1
auto discovery qos trust
auto qos voip trust


R5
interface s0/0
auto discovery qos trust
auto qos voip trust


R1R5
interface
multilink xxxx
no peer neighbor-route






!!!4.5 First Hop Redundancy!!!
※ Lines in () are K4 only

R2
interface fa0/1.24
glbp 1 ip yy.yy.15.36
glbp 1 preempt
(glbp 1 weighting 100 lower 95)
glbp 1 authentication md5 key-string cisco


R4
int fa0/1
glbp 1 ip yy.yy.15.35
glbp 1 preempt
glbp 1 priority 105
(glbp 1 weighting 100 lower 95)
glbp 1 authentication md5 key-string cisco
(glbp 1 weighting track 10 decrement 20)
(track 10 ip route 0.0.0.0 reachability )

!!!4.6 Polled and broadcast NTP!!!
R4
clock set 8:00 1 jan 2000
clock timezone HK +8
ntp master 3
ntp source lo 0
ntp update-calendar
interface fa0/1
ntp broadcast

R2
clock timezone HK +8
ntp server yy.yy.4.4
ntp update-calendar
interface fa0/1.24
ntp broadcast client

R3
clock timezone HK +8
ntp server yy.yy.4.4
ntp update-calendar


!!!4.7 Syslog!!!
R3
logging on
logging trap critical
logging facility local6
logging host 150.3.yy.10
logging source-interface lo 0



!!!5.1 netflow data export !!!
R4
ip flow-export version 9
ip flow-export source lo 0
ip flow-export destination 198.2.5.10 9991
ip multicast netflow rpf-failure
ip multicast netflow output-counters
interface fa0/1
ip flow ingress
ip flow egress


!!!5.2 Embedded event manager monitor of cpu!!!
R3
event manager applet CPU
event snmp oid 1.3.6.1.4.1.9.9.109.1.1.1.8 get-type exact entry-op ge entry-val 60 poll-interval 60
action 1.0 cli command "enable"
action 2.0 cli command "tclsh flash:eem.tcl"
action 3.0 mail server "198.2.5.10" to "engineer@cisco.com" from "EEM@cisco.com" subject "CPUAlert5min" body "$_cli_result"
tclsh
puts [open "flash:eem.tcl" w+] {
set cpu [exec "show processes cpu sorted 5min"]
set cpu_output [split $cpu "\n"]
set n 0
while {$n < 13} {
puts [lindex $cpu_output $n]
incr n}
}
exit

!!!5.3 Tftp server!!!

R3
access-list 4 permit yy.yy.4.4
access-list 4 permit yy.yy.15.33
access-list 4 permit yy.yy.15.65
tftp-server flash:test4