Tuesday, December 6, 2011

134

!!!1.2 Troubleshoot Layer 2 Switching!!!
SW3-4
int fa0/24
no switchport access vlan 44
switchport trunk encapsulation dot1q

SW1-SW4
vtp domain CCIERoutingandSwitching
vtp pass cico


SW2
int s0/0/0
no switchport backup int fa0/0

R1
int s0/0
ip add yy.yy.15.249 255.255.255.255
no peer neighbor-route

R3
int s0/1
ip add yy.yy.15.245 255.255.255.252
no peer neighbor-route

R5
int s0/0
ip add yy.yy.15.250 255.255.255.252
no peer neighbor-route

int s0/1
ip add yy.yy.15.246 255.255.255.252
no peer neighbor-route




!!!Implement the access-switch ports of switched network!!!

SW1
spanning-tree vlan 1-4094 priority 0
int fa0/3
switchport mode access
switchport access vlan 3
int fa0/4
switchport mode access
switchport access vlan 44
int fa0/5
switchport mode access
switchport access vlan 15
int fa0/10
switchport mode access
switchport access vlan 15

int vlan 11
ip add yy.yy.15.162 255.255.255.224
no shut
int vlan 13
ip add yy.yy.12.194 255.255.255.224
no shut


SW2
int fa0/1
switchport mode access
switchport access vlan 11

int fa0/3
switchport mode access
switchport access vlan 13

int fa0/4
switchport mode access
switchport access vlan 24

int fa0/5
switchport mode access
switchport access vlan 45

int fa0/10
switchport mode access
switchport access vlan 2
spanning-tree guard root

int vlan 22
ip add yy.yy.16.139 255.255.255.224
no shut

int vlan 2
ip add 150.2.yy.1 255.255.255.0
no shut



SW3
int fa0/10
switchport mode access
switchport access vlan 2
spanning-tree guard root



SW4
int vlan 44
ip add yy.yy.15.66 255.255.255.224
no shut
int vlan 45
ip add yy.yy.15.98 255.255.255.224
no shut


SW2
int fa0/2
switchport trunk encapsulation dot1q
switchport mode trunk
switchport nonegotiate
switchport trunk allowed vlan 22,24



R2
int fa0/1
no ip add
no shut
int fa 0/1.22
encapsulation dot1q 22
ip add yy.yy.15.129 255.255.255.224
int fa0/1.24
encapsulation dot1q 24
ip add yy.yy.15.34 255.255.255.224


SW1
spanning-tree portfast default
spanning-tree portfast bpdufilter default


SW2
spanning-tree portfast default
spanning-tree portfast bpdufilter default

SW3
spanning-tree portfast default
spanning-tree portfast bpdufilter default


SW4
spanning-tree portfast default
spanning-tree portfast bpdufilter default



!!!Implement frame relay!!!
R4
frame-relay switching
int s0/0
encapsulation frame-relay ietf
frame-relay intf-ty dce
clockrate 64000
frame-relay lmi-ty ansi
frame-relay route 100 interface serial 0/1 200
no ip add
no shut
exit
int s0/1
encapsulation frame-relay ietf
clockrate 64000
frame-relay lmi-ty ansi
frame-relay route 200 interface s 0/0 100
no ip add
end

R1
int s0/0
encapsulation frame-relay ietf
no frame-relay inverse-arp
no arp frame-relay
no ip add
no shut
exit
int s0/0.100 point-to-point
ip add yy.yy.15.242 255.255.255.252
no shut
frame-relay interface-dlci 100 ietf
end


R2
int s0/0
encapsulation frame-relay ietf
no frame-relay inverse-arp
no arp frame-relay
no ip add
no shut
exit
int s0/0.200 point-to-point
ip add yy.yy.15.241 255.255.255.252
no shut
frame-relay interface-dlci 200 ietf
end





!!!Traffic control protection from the backbones!!!

SW1
int fa0/10
storm-control broadcast level 50

SW2
interface fa0/10
storm-control broadcast level 50


SW3
interface fa0/10
storm-control broadcast level 50


R1
interface fa0/1
ip add yy.yy.15.162 255.255.255.224
no shut
exit

int s0/1
bandwidth 128
encapsulation ppp
no peer neighbor-route
ip add yy.yy.15.249 255.255.255.252
no shut
end



R3
int fa0/1
ip add yy.yy.15.193 255.255.255.224
no shut
exit

int fa0/0
ip add 150.3.yy.1 255.255.255.0
no shut
int s0/0
encapsulation ppp
no peer neighbor-route
ip add yy.yy.15.245 255.255.255.252
no shut
end


R4
int fa0/1
ip add yy.yy.15.33 255.255.255.224
no shut
exit


R5
int fa0/1
ip add yy.yy.15.97 255.255.255.224
no shut
exit
int fa0/0
ip add 150.1.yy.1 255.255.255.0
no shut
exit
int s0/0
bandwidth 128
encapsulation ppp
no peer neighbor-route
ip add yy.yy.15.250 255.255.255.252
no shut
exit
int s0/1
encapsulation ppp
no peer neighbor-route
ip add yy.yy.15.246 255.255.255.252
no shut
end








!!!K3 only!!!
・As per the VLAN tables, configure VLANs for the access switch ports.
・Also include the ports to BB1, BB2 and BB3.
・Configure the trunk between SW2 Fa0/2 and R2 Fa0/1.
・The access switch ports must avoid transmitting BPDUs; when a BPDU is received on any of these ports, the port should transition back through the listening, learning and forwarding process.
・On the routers, including the trunk configuration, add any special Layer 2 commands that are required.
・Ensure that these access switch ports bypass the listening and learning states so that spanning tree enters the forwarding state immediately.
!!!!!!!!!!!!!Solution!!!!!!!!!!!!!!!!!!!:
SW1:
Interface fa0/3
Swi acc vlan 5
Swi mode acc
!
Int fa0/4
Swi acc vlan 46
Swi mode acc
!
Int fa0/5
Swi acc vlan 17
!
Int fa0/10
Swi acc vlan 17
!
Int vlan 13
Ip add YY.YY.13.157 255.255.255.224
No shut
!
Int vlan 15
Ip add YY.YY.13.189 255.255.255.224
No shut

SW4 and SW4
Spanning-tree portfast default
Spanning-tree portfast bpduguard default
Errdisable recovery cause bpduguard
Errdisable recovery interval 300
Note** The default timeout interval is 300 seconds and, by default, the timeout is disabled.

SW2
Int fa0/1
Swi acc vlan 13
Swi mode acc
!
Int fa0/2
Swi tru encap dot1q
Swi tru all vlan 22,24
Swi mode trunk
!
Int fa0/3
Swi acc vlan 15
Swi mode acc
!
Int fa0/4
Swi acc vlan 26
Swi mod acc
!
Int  fa0/5
Swi acc vlan 47
Swi mode acc
!
Int fa0/10
Swi acc vlan 4
Swi mode acc
!
Int vlan 4
Ip add 150.2.YY.1 255.255.255.0
!
Int vlan 24
Ip add YY.YY.13.125 255.255.255.224
No shut

SW3
Int fa0/10
Swi acc vlan 5
Swi mode acc

SW4
Int vlan 46
Ip add YY.YY.13.61 255.255.255.224
No shut
!
Int vlan 47
Ip add YY.YY.13.93 255.255.255.224
No shut

R2
Int fa0/1
No shut
!
Int fa0/1.24
Encap dot1q 24
Ip add YY.YY.13.124 255.255.255.224
!
Int fa0/1.26
Encap dot1q 26
Ip add YY.YY.13.29 255.255.255.224

R3
Int fa0/0
Ip add 150.3.YY.1 255.255.255.0
No shut

R5
Int fa0/0
Ip add 150.1.YY.1 255.255.255.0
No shut

2.4 Frame Relay Configuration
Configure R1 and R2 for Frame Relay and R4 as the Frame Relay switch. Use auto-sensing on R1 and R2 and ANSI LMI on the Frame Relay switch, and avoid any static inverse ARP frame-relay maps. For encapsulation use RFC1490/RFC2427 (IETF encapsulation).

    Frame Relay DLCI details
・R1 Frame Relay interface 101
・R2 Frame Relay interface 201
!!!!!!!!!!!!!Solution!!!!!!!!!!!!!!!!!!!:
R1
Interface s0/0/0
Encap frame-relay ietf
No frame-relay inverse-arp
No shut
Ip add YY.YY.13.127 255.255.255.252
Frame-relay map ip YY.YY.13.236 100 broadcast
Frame-relay map ip YY.YY.15.242 100
Clockrate 256000
No shut
!
Int s0/0/0.101 point-to-point
Ip address YY.YY.13.237 255.255.255.252
!
R2
Int s0/0/0
Encap frame-relay ietf
No frame-relay inverse-arp
No shut
!
Interface serial 0/0/0.201 point-to-point
Ip add YY.YY.13.236 255.255.255.252

R4
Frame-relay switching
!
Interface s0/0/0
Encap frame-relay
Clock rate 256000
Frame-relay lmi-type ansi
Frame-relay intf-type dce
Frame-relay route 101 interface serial 0/1/0 201
No shut
!
Int s0/0/1
Encap frame-relay
Clock rate 256000
Frame-relay lmi-type ansi
Frame-relay intf-type dce
Frame-relay route 201 interface serial0/0/0 101
No shut
!!!K3 only!!!














!!!trunking manipulations!!!
K1 3,11,13,15,44,45
K3 5,13,15,46,47



SW1
vlan dot1q tag native
interface range fa0/19 - 24
switchport mode trunk
switchport nonegotiate
switchport trunk allowed vlan 2,3,11,13,15,22,24,44,45

SW2
vlan dot1q tag native
interface range fa0/19 - 24
switchport mode trunk
switchport nonegotiate
switchport trunk allowed vlan 2,3,11,13,15,22,24,44,45


SW3
vlan dot1q tag native
interface range fa0/19 - 24
switchport mode trunk
switchport nonegotiate
switchport trunk allowed vlan 2,3,11,13,15,22,24,44,45



SW4
vlan dot1q tag native
interface range fa0/19 - 24
switchport mode trunk
switchport nonegotiate
switchport trunk allowed vlan 2,3,11,13,15,22,24,44,45


!!!2.1Implement ipv4 ospf!!!
R1
router ospf yy
net yy.yy.1.1 0.0.0.0 area 0
net yy.yy.15.242 0.0.0.0 area 2
net yy.yy.15.161 0.0.0.0 area 0


R2
router ospf yy
net yy.yy.2.2 0.0.0.0 area 0
net yy.yy.15.242 0.0.0.0 area 2
net yy.yy.15.161 0.0.0.0 area 0

R3
router ospf yy
net yy.yy.3.3 0.0.0.0 area 2
net yy.yy.15.193 0.0.0.0 area 0

SW1
ip routing
router ospf yy
net yy.yy.7.7 0.0.0.0 area 0
net yy.yy.15.194 0.0.0.0 area 0
net yy.yy.7.7 0.0.0.0 area 0


SW2
ip routing
router ospf yy
net yy.yy.15.130 0.0.0.0 area 2
net yy.yy.8.8 0.0.0.0 area 2


R1
router ospf yy
area 2 nssa default-information-originate

R2

router ospf yy
area 2 nssa

SW2
router ospf yy
area 2 nssa


R1
interface s0/0.100 point-to-point
ip ospf network broadcast
ip ospf dead-interval minimal hello-multiplier 20


R2
interface s0/0.200 point-to-point
ip ospf network broadcast
ip ospf dead-interval minimal hello-multiplier 20
※For K1 and K3, use hello-multiplier 5




!!!2.2Implement ipv4 eigrp!!!
※For K1 and K3: auto-summary → no auto-summary

R1
router eigrp yy
auto-summary
network yy.yy.15.249 0.0.0.0

R3
router eigrp yy
auto-summary
net yy.yy.15.245 0.0.0.0


R5
router eigrp yy
auto-summary
network yy.yy.5.5 0.0.0.0
network yy.yy.15.97 0.0.0.0
net yy.yy.15.246 0.0.0.0
net yy.yy.15.250 0.0.0.0

SW4
ip routing
router eigrp yy
net yy.yy.10.10 0.0.0.0
net yy.yy.15.98 0.0.0.0


R3
router ospf yy
redistribute eigrp 100 subnets
※For K3 and K1, add metric-type 1

R3
router eigrp 100
auto-summary
net 150.3.yy.1 0.0.0.0

R3
router eigrp yy
redistribute eigrp 100 metric 10000 100 255 1 1500

int s0/0
ip summary-address eigrp yy 198.2.0.0 255.255.248.0

R1
※For K3, add the following
permit ip host 198.2.2.0 host 255.255.255.0
permit ip host 198.2.2.0 host 255.255.255.0

ip access-list extended 100
permit ip host 4.1.1.0 host 255.255.255.0
permit ip host 128.28.2.0 host 255.255.255.0
permit ip host 198.1.1.4 host 255.255.255.252
permit ip host 198.2.1.0 host 255.255.255.0
permit ip host 198.2.3.0 host 255.255.255.0
permit ip host 198.2.5.0 host 255.255.255.0
permit ip host 198.2.0.0 host 255.255.255.0
permit ip host 150.3.yy.0 host 255.255.255.0
route-map filter deny 10
match ip add 100
route-map filter permit 20

router ospf yy
redistribute eigrp yy subnets route-map filter
※For K1 and K3, add metric-type 1
router eigrp yy
redistribute eigrp yy subnets route-map filter
router eigrp yy
redistribute ospf yy metric 10000 100 255 1 1500 route-map filter


!!!2.3 Implement Rip Version 2!!!
※For K1 and K3: auto-summary → no auto-summary

R2
router rip
ver 2
auto-summary
passive-interface default
neighbor yy.yy.15.33
network yy.0.0.0
exit

int fa0/1.24
ip rip receive ver 2
auto-summary
passive-interface default
neighbor yy.yy.15.34
neighbor yy.yy.15.66
network yy.0.0.0
exit

int fa 0/0
ip rip receive ver 2
int fa0/1
ip rip receive ver 2


SW4
router rip
ver 2
auto-summary
passive-interface default
nei yy.yy.5.5
net yy.0.0.0
exit

int vlan 44
ip rip receive ver 2


R2
router ospf yy
redistribute rip subnets
router rip
redistribute ospf yy metric

※※※※※※※K1 and K3※※※※※※※
Router rip
Redistribute ospf 11 metric 3 route-map filter
Ip prefix-list nssa per 0.0.0.0/0
Route-map filter deny 10
Match ip add prefix-list nssa
Route-map filter per 20
Access-list 10 deny 11.11.2.2
Access-list 10 permit any
※※※※※※※K1 and K3※※※※※※※




SW4
router rip
redistribute eigrp yy metric 2
router eigrp yy
redistribute rip metric 10000 100 255 1 1500

※※※※※※※K1 and K3※※※※※※※
Router eigrp 11
Redistribute rip metric 10000 100 255 1 1500 route-map perrip
Ip prefix-list rip per 11.11.2.2/32
Ip prefix-list rip per 11.11.4.4/32
Ip prefix-list rip per 11.11.15.32/27
Ip prefix-list rip per 11.11.15.64/27
Route-map perrip permit 10
Match ip add prefix rip
※※※※※※※K1 and K3※※※※※※※




R2
router ospf yy
distance 125 yy.yy.1.1 0.0.0.0 1
exit
access-list 1 permit yy.yy.4.4
access-list 1 permit yy.yy.10.10
access-list 1 permit yy.yy.15.64

router rip
offset-list 2 out 3 fa 0/1.24
access-list 2 deny yy.yy.2.2
access-list 2 permit any




SW4
router rip
distance 175 yy.yy.15.65 0.0.0.0 1
access-list 1 deny yy.yy.2.2
access-list 1 deny yy.yy.4.4
access-list 1 deny yy.yy.15.32
access-list 1 permit any
※※※※※※※K4 only※※※※※※※
access-list 2 deny 0.0.0.0
access-list 2 router rip
distribute-list 2 in vlan 44
※※※※※※※K4 only※※※※※※※


SW4
※※※※※※※K4 only※※※※※※※
router eigrp 30
redistribute rip metric 10000 100 255 1 1500 route-map deny_default
access-list 1 per 0.0.0.0
route-map deny_default deny 10
match ip add 1
route-map deny_default per 20
※※※※※※※K4 only※※※※※※※



R2
※※※※※※※K4 only※※※※※※※
router rip
distribute-list 1 in fastethernet0/1.24
access-list 11 deny 150.1.0.0
access-list 11 deny 150.3.0.0
access-list 11 deny 1.0.0.0
access-list 11 deny 128.28.0.0
access-list 11 deny 198.1.1.0
access-list 11 deny 150.2.0.0
access-list 11 permit any
※※※※※※※K4 only※※※※※※※



!!!2.4 Implement IPV6!!!
R4
ipv6 unicast-routing
interface fa0/1
ipv6 address fc01:db8:74:9::/64 eui-64

R2
ipv6 unicast-routing
int fa0/1.24
ipv6 address fc01:db8:74:9::/64 eui-64
interface s0/0.12
ipv6 add fc01:db8:74:a::/64 eui-64

R1
ipv6 unicast-routing
interface serial0/0.12
ipv6 address fc01:db8:74:a::/64 eui-64
interface fa0/1
ipv6 address fc01:db8:74:b::/64 eui-64


SW1
sdm prefer dual-ipv4-and-ipv6 routing
ipv6 unicast-routing
interface vlan 11
ipv6 address fc01:db8:74:b::/64 eui-64




R4
ipv6 router ospf yy
router-id yy.yy.4.4
interface fa0/1
ipv6 ospf yy area 0


R2
ipv6 router ospf yy
router-id yy.yy.2.2
interface fa0/1.24
ipv6 ospf yy area 0
interface s0/0.12
ipv6 ospf yy area 1


R1
ipv6 router ospf yy
router-id yy.yy.1.1
interface s0/0.12
ipv6 ospf yy area 1
interface fa0/1
ipv6 ospf yy area 1

SW1
ipv6 router ospf yy
router-id yy.yy.7.7
interface vlan 11
ipv6 ospf yy area 1


!!!Implement IPV4 BGP!!!
R1
router bgp yy1
bgp router-id yy.yy.1.1
bgp confederation identifier yy
bgp confederation peers yy2
neighbor ibgp peer-group
neighbor ibgp remote-as yy1
neighbor ibgp update-source lo 0
neighbor yy.yy.3.3 peer-group ibgp
neighbor yy.yy.5.5 peer-group ibgp
neighbor yy.yy.10.10 peer-group ibgp
neighbor yy.yy.2.2 remote-as yy2
neighbor yy.yy.2.2 ebgp-multihop 255
neighbor yy.yy.2.2 update-source lo 0




R3
router bgp yy1
bgp router-id yy.yy.3.3
bgp confederation identifier yy
neighbor ibgp peer-group
neighbor ibgp remote-as yy1
neighbor ibgp update-source lo 0
neighbor yy.yy.1.1 peer-group ibgp
neighbor yy.yy.5.5 peer-group ibgp
neighbor yy.yy.10.10 peer-group ibgp



R5
router bgp yy
bgp router-id yy.yy.5.5
bgp confederation identifier yy
neighbor ibgp peer-group
neighbor ibgp remote-as yy1
neighbor ibgp update-source lo 0
neighbor yy.yy.1.1 peer-group ibgp
neighbor yy.yy.3.3 peer-group ibgp
neighbor yy.yy.10.10 peer-group ibgp
neighbor 150.1.yy.254 remote-as 254
access-list 1 permit 197.68.20.0 0.0.3.255
route-map local-pre permit 10
match ip add 1
set local-preference 200
exit
route-map local-pre permit 20


SW4
router bgp yy1
bgp router-id yy.yy.10.10
bgp confederation identifier yy
bgp confederation peers yy2
neighbor ibgp peer-group
neighbor ibgp remote-as yy1
neighbor ibgp update-source lo 0
neighbor yy.yy.3.3 peer-group ibgp
neighbor yy.yy.1.1 peer-group ibgp
neighbor yy.yy.5.5 peer-group ibgp
neighbor yy.yy.2.2 remote-as yy2
neighbor yy.yy.2.2 ebgp-multihop 255
neighbor yy.yy.2.2 update-source lo 0



R2
router bgp yy2
bgp router-id yy.yy.2.2
bgp confederation identifier yy
bgp confederation peers yy1
neighbor yy.yy.2.2 remote-as yy1
neighbor yy.yy.2.2 update-source lo 0



R2
router bgp yy2
bgp confederation identifier yy
bgp confederation peers yy2
neighbor ibgp peer-group
neighbor ibgp remote-as  yy1
neighbor ibgp update-source lo 0
neighbor yy.yy.1.1 peer-g ibgp
nei yy.yy.3.3 peer-g ibgp
nei yy.yy.5.5 peer-g ibgp
nei yy.yy.2.2 remote-as yy2
nei yy.yy.2.2 update-source lo0


R2
router bgp 2
bgp router-id yy.yy.2.2
bgp confederation identifier yy
bgp confederation peers yy1
neighbor yy.yy.1.1 remote-as yy1
neighbor yy.yy.1.1 ebgp-multihop 255
neighbor yy.yy.1.1 update-source lo 0
neighbor yy.yy.10.10 remote-as yy1
neighbor yy.yy.10.10 ebgp-multihop 255
neighbor yy.yy.10.10 update-source lo 0
neighbor yy.yy.8.8 remote-as yy2
neighbor yy.yy.8.8 update-source lo 0


SW2
router bgp yy2
bgp router-id yy.yy.8.8
bgp confederation identifier yy
neighbor yy.yy.2.2 remote-as yy2
neighbor yy.yy.2.2 update-source lo 0
nei 150.2.yy.254 remote-as 254



R5
route-map connbb1 permit 10
match interface fa0/0
exit

router eigrp yy
redistribute connected route-map connbb1 metric 10000 100 255 1 1500

route-map connbb2 permit 10
match interface vlan 2
exit
router ospf yy
redistribute connected subnets route-map connbb2




R3
access-list 1 permit 150.1.yy.0
access-list 1 permit 150.2.yy.0
router ospf yy
distance 175 yy.yy.1.1 0.0.0.0 1









※※※※※※※K1 and K3※※※※※※※
3.5 Implement IPV4 BGP
Refer to the BGP routing diagram and configure BGP with these parameters:
Configure two confederations: R1, R3, R5 and SW4 (ASYY1), and R2 and SW2 (ASYY2).
The confederation peers should neighbor between R1 and R2 and between SW4 and R2.

EBGP: SW2 is an EBGP peer with the router 150.2.YY.254 on backbone 2 in AS 254. This router advertises five routes with format 197.68.x.0/24 and AS path 254.
EBGP: R5 is an EBGP peer with the router 150.2.YY.254 on backbone 1 in AS 254. This router advertises five routes with format 197.68.x.0/24 and AS path 253.

The BGP devices should all prefer the path through R5 (150.1.YY.254) for networks 197.68.21.0/24 and 197.68.22.0/24. The (IBGP) devices should all prefer the path through SW2 (150.2.YY.254) for networks 197.68.1.0/24 and 197.68.5.0/24. This manipulation should be accomplished on only one router, using route-maps that refer to a single access-list.
Configure only the loopback0 IP address to propagate BGP route information.

!!!!!!!!!!!!!Solution!!!!!!!!!!!!!!!!!!!:
R1
Router bgp 111
Bgp router-id 11.11.1.1
Bgp log-neighbor-changes
Bgp confederation identifier 11
Bgp confederation peers 112
Neighbor 11.11.2.2 remote-as 112
Neighbor 11.11.2.2 update-source Lo0
Neighbor 11.11.11.11 remote-as 52
Neighbor 11.11.1.1 ebgp-multihop 255
Neighbor 11.11.11.11 remote-as 111
Neighbor 11.11.11.11 update-source Lo0
No auto-summary
R3
Router bgp 11
No synchronization
Bgp router-id 11.11.3.3
Neighbor 11.11.1.1 remote-as 111
Neighbor 11.11.1.1 update-source Lo0
No auto-summary

SW4
Router bgp 11
Bgp confederation peers 112
Bgp confederation identifier 11
Bgp router-id 11.11.10.10
Neighbor 11.11.2.2 remote-as 112
Neighbor 11.11.2.2 ebgp-multihop 10
Neighbor 11.11.11.11 update-source Lo0
No auto-summary

R5:
Router bgp 11
No synch
Bgp router-id 11.11.11.11
Bgp log-neighbor-changes
Bgp confederation identifier 11
Neighbor ibgp peer-group
Neighbor ibgp remote-as 111
Neighbor ibgp update-source loopback0
Neighbor as 52 route-reflector-client
Neighbor as 52 next-hop-self
Neighbor 11.11.1.1 peer-group ibgp
Neighbor 11.11.3.3 peer-group ibgp
Neighbor 11.11.10.10 peer-group ibgp
Neighbor 150.1.11.254 remote-as 254
Neighbor 150.1.11.254 route-map loc in
No auto-summary

Ip access-list extra 127
Access-list 5 permit 197.68.21.0 0.0.0.255
Access-list 5 permit 197.68.22.0 0.0.0.255

Route-map loc permit 10
Match ip address 127
Set local-preference 200
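
Added example (not part of the original notes): a Python model of how the standard ACL entries on this page select BGP prefixes for the local-preference route-map. It compares the single wildcard entry 197.68.20.0 0.0.3.255 with the two 0.0.0.255 entries, and shows what happens to unmatched routes with and without a trailing empty permit clause. The five sample routes and all function names are constructed for illustration.

```python
import ipaddress


def wildcard_match(addr, base, wildcard):
    """Cisco ACL comparison: bits set to 1 in the wildcard are ignored."""
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(addr)) & care) == (
        int(ipaddress.IPv4Address(base)) & care)


def acl_permits(acl, network):
    """First matching entry decides; falling off the end is the implicit deny."""
    for action, base, wildcard in acl:
        if wildcard_match(network, base, wildcard):
            return action == "permit"
    return False


def inbound_route_map(acl, networks, pass_rest, set_pref=200, default_pref=100):
    """Model 'route-map X permit 10 / match ip address ACL / set local-preference'.

    pass_rest=True adds an empty 'permit 20' clause. Without it, the
    route-map's implicit deny drops every route the ACL did not permit.
    Returns {network: local_preference} for the routes that are accepted.
    """
    accepted = {}
    for net in networks:
        if acl_permits(acl, net):
            accepted[net] = set_pref        # clause 10 matched
        elif pass_rest:
            accepted[net] = default_pref    # clause 20: accept unchanged
    return accepted


# ACL entries as written on this page.
ACL_WILDCARD = [("permit", "197.68.20.0", "0.0.3.255")]
ACL_EXACT = [("permit", "197.68.21.0", "0.0.0.255"),
             ("permit", "197.68.22.0", "0.0.0.255")]

# Constructed sample: five routes of the form 197.68.x.0/24.
ROUTES = ["197.68.1.0", "197.68.5.0", "197.68.20.0",
          "197.68.21.0", "197.68.22.0"]


def raised(acl, pass_rest=True):
    """Networks that end up with local preference 200."""
    result = inbound_route_map(acl, ROUTES, pass_rest)
    return sorted(n for n, pref in result.items() if pref == 200)


if __name__ == "__main__":
    print("wildcard entry raises:", raised(ACL_WILDCARD))
    print("two /24 entries raise:", raised(ACL_EXACT))
    print("no permit 20, accepted:",
          sorted(inbound_route_map(ACL_EXACT, ROUTES, pass_rest=False)))
```

The wildcard entry covers 197.68.20.0 through 197.68.23.0, so it also raises any 20.0 or 23.0 route the backbone advertises, while a route-map without a later permit clause filters every route it does not match.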

SW2:
Router bgp 112
No sync
Bgp router-id 11.11.8.8
Bgp confederation identifier 11
Neighbor 11.11.2.2 remote-as 112
Neighbor 11.11.2.2 update-source loopback0
Neighbor 11.11.2.2 next-hop-self
Neighbor 150.2.5.254 remote-as 254
No auto-summary

R2
Router bgp 112
No sync
Bgp router-id 11.11.2.2
Bgp log-neighbor-changes
Bgp confederation identifier 11
Bgp confederation peers 111
Neighbor ebgp peer-group
Neighbor ebgp remote-as 111
Neighbor ebgp update-source Lo0
Neighbor 11.11.2.2 ebgp-multihop 10
Neighbor 11.11.10.10 peer-group ebgp
Neighbor 11.11.8.8 remote-as 112
Neighbor ebgp update-source Lo0


※※※※※※※K1 and K3※※※※※※※








!!!Implement PIM sparse mode for IPV6!!!
R4
ipv6 cef
ipv6 multicast-routing
R2
ipv6 cef
ipv6 multicast-routing

R1
ipv6 cef
ipv6 multicast-routing



R4
ipv6 access-list mul
permit ipv6 host ff08::4000:4000 any
ipv6 pim rp-address FC01:DB8:74:9:C203:4FF:FEC0:1 mul


R2
ipv6 access-list mul
permit ipv6 host ff08::4000:4000 any
ipv6 pim rp-address FC01:DB8:74:9:C203:4FF:FEC0:1 mul

R1
ipv6 access-list mul
permit ipv6 host ff08::4000:4000 any
ipv6 pim rp-address FC01:DB8:74:9:C203:4FF:FEC0:1 mul



!!!3.2 Multicast joins!!!
R2
interface s0/1.12
ipv6 mld join-group FF08::4000:4000

or

R1
interface s0/0/0.12
ipv6 mld join-group FF08::4000:4000


!!!4.1 secure Http Access!!!
R5
aaa new-model
aaa authentication login default line none
aaa authentication login HTTP local-case
aaa authorization exec HTTP local
no ip http server
ip http secure-server
ip http authentication aaa login-authentication HTTP
ip http authentication aaa exec-authorization HTTP
username cisco privilege 1 password cisco
username ADMIN privilege 15 password CISCO



!!!4.2 secure the wan ppp links!!!

R5
aaa authentication ppp R1 group radius local-case
aaa authentication ppp R3 group tacacs+ local-case
radius-server host 198.2.5.128 key cisco
username RACKYYR1 password cisco
username BACKUP password CISCO
int s0/0
ppp authentication chap R1
interface s0/1
ppp authentication chap R3


R1
interface s0/1
ppp chap hostname RACKYYR1
ppp chap password cisco


R3
int s0/0
ppp chap hostname BACKUP
ppp chap password CISCO




!!!4.3MQC-Based Frame-relay traffic shaping!!!

R2
class-map voip
match ip dscp ef

class-map match-any data
match ip dscp af11
match ip dscp af21

policy-map cisco
class voip
priority percent 40
exit
class data
bandwidth percent 35
policy-map mqc
class class-default
fair-queue
shape average 64000
shape adaptive 32000

service-policy cisco
map-class frame-relay FRTS
service-policy output mqc

interface serial 0/0.200
frame-relay interface-dlci 200
class FRTS



!!!4.4 AutoQOS over PPP!!!
R1
interface s0/1
auto discovery qos trust
auto qos voip trust


R5
interface s0/0
auto discovery qos trust
auto qos voip trust


R1R5
interface
multilink xxxx
no peer neighbor-route






!!!4.5 First Hop Redundancy!!!
※Lines in () are for K4 only

R2
interface fa0/1.24
glbp 1 ip yy.yy.15.36
glbp 1 preempt
(glbp 1 weighting 100 lower 95)
glbp 1 authentication md5 key-string cisco


R4
int fa0/1
glbp 1 ip yy.yy.15.35
glbp 1 preempt
glbp 1 priority 105
(glbp 1 weighting 100 lower 95)
glbp 1 authentication MD5 key-string cisco
(glbp 1 weighting track 10 decrement 20)
(track 10 ip route 0.0.0.0 reachability )

!!!4.6 Polled and broadcast NTP!!!
R4
clock set 8:00 1 jan 2000
clock timezone HK +8
ntp master 3
ntp source lo 0
ntp update-calendar
interface fa0/1
ntp broadcast

R2
clock timezone HK +8
ntp server yy.yy.4.4
ntp update-calendar
interface fa0/1.24
ntp broadcast client

R3
clock timezone HK +8
ntp server yy.yy.4.4
ntp update-calendar


!!!4.7 Syslog!!!
R3
logging on
logging trap critical
logging facility local6
logging host 150.3.yy.10
logging source-interface lo 0



!!!5.1 netflow data export !!!
R4
ip flow-export version 9
ip flow-export source lo 0
ip flow-export destination 198.2.5.10 9991
ip multicast netflow rpf-failure
ip multicast netflow output-counters
interface fa0/1
ip flow ingress
ip flow egress


!!!5.2 Embedded event manager monitor of cpu!!!
R3
event manager applet CPU
event snmp oid 1.3.6.1.4.1.9.9.109.1.1.1.8 get-type exact entry-op ge entry-val 60 poll-interval 60
action 1.0 cli command "enable"
action 2.0 cli command "tclsh flash:eem.tcl"
action 3.0 mail server "198.2.5.10" to "engineer@cisco.com" from "EEM@cisco.com" subject "CPUAlert5min" body "$_cli_result"
tclsh
puts [open "flash:eem.tcl" w+] {
# print the first 13 lines of the 5-minute CPU report
set cpu [exec "show processes cpu sorted 5min"]
set cpu_output [split $cpu "\n"]
set n 0
while {$n < 13} {
puts [lindex $cpu_output $n]
incr n}
}
exit

!!!5.3 Tftp server!!!

R3
access-list 4 permit yy.yy.4.4
access-list 4 permit yy.yy.15.33
access-list 4 permit yy.yy.15.65
tftp-server flash:test4
