2011年12月11日日曜日

2+2

###########################################################

2+2

###########################################################




!!!1.1!!!
R1
int g0/1.11
no encapslation dot1q 11 native
encaps dot1q 11
ip address yy.yy.0.97 255.255.255.224

SW3
no monitor session all
int fa0/10
switchport access vlan 33
int vlan 33
ip add 150.3.yy.1 255.255.255.0



!!!1.2!!!

SW1
interface fa0/2
switchport mode access
swirchport access vlan 20

int fa 0/3
switchport mode access
switchport access vlan 20

int fa 0/4
switchport mode access
switchport access vlan 43

int fa0/5
switchport mode access
switchport access vlan 54

int vlan 12
ip add yy.yy.128.98 255.255.255.224
no shut


int vlan 51
ip add  yy.yy.0.129 255.255.255.224
no shut


int fa0/10
no switchport
ip add 150.1.yy.1 255.255.255.0



SW2
int fa0/2
switchport mode access
switchport acess vlan 234

int fa0/3
switchport mode access
switchport access vlan 300

int fa0/4
switchport mode access
switchport access vlan 54


int fa0/5
switchport mode access
switchport access vlan 51

int vlan 42
ip add yy.yy.128.129 255.255.255.224
no shut

int vlan 243
ip add yy.yy.128.163 255.255.255.224
no shut

int fa 0/10
no switchport
ip add 150.2.yy.1 255.255.255.0
no shut



SW3
int fa0/10
switchport mode access
switchport access vlan 33

int vlan 243
ip add yy.yy.128.161 255.255.255.224
no shut

int vlan 234
ip add yy.yy.128.195 255.255.255.224
no shut

int vlan 33
ip add 150.3.yy.1 255.255.255.0
no shut



SW4
int vlan 243
ip add yy.yy.128.194 255.255.255.224
no shut




!!!1.3!!!
SW1
spanning-tree mode rapid-pvst
spanning-tree portfast bpduguard default
int range fa0/19 - 24
udld port aggresive

SW2
spaning-tree mode rapid-pvst
spanning-tree portfast bpduguard default
int range fa0/19 - 24
udld port aggressive

SW3
spanning-tree mode rapid-pvst
spanning-tree portfast bpdugurad default
int range fa0/19 - 24
udld port aggressive

SW4
spanning-tree mode rapid-pvst
spanning-tree portfast bpdugurd default
int range fa0/19 - 24
udld port aggresive


SW1
int range fa0/2 - 5
spanning-treeportfast

SW2
int range fa0/2 - 5
spaning-tree portfast

SW3
int range fa0/10
spanning-tree bpduguard disable




!!!1.4!!!
SW1
int range fa0/19 - 24
switchport trunk encapslation dot1q
switchport mode trunk
switchport nonegotiate
no sht
exit


SW2
int range fa0/19 - 24
switchport trunk encapslatio dot1q
switchport mode trunk
switchport nonegotiate
no shut
exit



SW3
int range fa0/19 - 24
switchport trunk encapslation dot1q
switchport mode trunk
switchport nonegotiate
no shut
exit



SW4
int range fa0/19 - 24
switchport trunk enccapslaton dot1q
switchport mode trunk
switchport nonegotiate
no shut
exit



SW1
int rane fa 0/19 - 20
channel-group 13 mode active
exit
int range fa 0/21 - 22
channel-group 14 mode active
exit
int range fa 0/23 - 24
channel-group 12 mode active
port-channel load-balanece dst-ip


SW2
int range fa0/19 - 20
channel-group 24 mode active
exit

int range fa0/21 - 22
channel-group 23 mode active
int range fa0/23-24
channel-group 23 mode active
exit
port-channel load-balance dst-ip





SW3
int range fa0/19
channel-group 13 mode active
exit
int range fa 0/21 - 22
channel-group 23 mode active
exit
int range fa0/23 - 24
channel-group 24 mode active
exit
port-channel load-balance dst-ip


SW4
int range fa0/19 20
channel-group 24 mode active
exit
int range fa0/21- 22
channel-group 14 mode active
exit
int range va 0/23 - 24
channel-group 34 mode active
exit
port-vhannel load-balance dst-ip


SW2
int fa0/1
switchport trunk encapslation dot1q
switchport mode trunk
switchport trunk allowed vlan 11,12
switchport nonegotiate
no shut
exit


R1
int fa0/1
no ip address
no shut
exit
int fa0/1.11
encapslatin dot1q
ip address yy.yy.0/65 255.255.255.224
no shut
exit
intfa0/1.12
encapslation dot1q 12
ip add yy.yy.128.97 255.255.255.224
no shut
exit




!!!1.5!!!
SW3
no monitor session all
monitor session 1 source intfa0/1 - 8 port-channel 13 both
monitor session 1 definition fa 0/11
SW1
mac adress-table aging-time 150 vlan 20



!!!1.7!!!
R5
frame-relay switching
int s0/0
encapslation frame-relay
frame-relay lmi-type cisco
frame-relay intf-ty dce
clock rate 64000
frame-relay roue 221 interface serial 0/1 223
no ip  address
no shut
exit
int s0/1
encapslation frame-relay
frame-relay lmi-type cisco
frame-relay lmi-type dce
clock rate 64000
frame-relay route 223 interfce serial 0/0 221
no ip address
no shut
exit

R1
interface serial 0/1
encapslation frame-relay inverse-arp
no arp frame-relay
no ip address nosshut
exit
int s0/1.221 point-to-point
no ip address
frame-relay interface-dlci 221 ppp virtual-template 1
exit
exit
interface multilink
ppp multilink
ppp multilink grpup 1
ip unnumbered lo 0
exit

interace virtual-template 1
ppp multilink
ppp multilink grpoup 1
exit



R3
interface serial 0/0
encapslation frame-relay
no frame-relay inverse arp
no arp frame-relay
no ip address
no shut
exit
intefrce s0/0.223 point--to-point
frame-relay interfce-dlci 223 ppp vitrual-template 1
exit

interfrace multilink 1
ppp multilink
ppp multilink group 1
ip unnumbered lo 0
exit
interfce virtual-template 1
exit
ppp multilink
ppp multilink group 1
exit

R2
interface fa 0/0
ip address yy.yy.128.255 255.255.255.224
no shut
exit
interface fa0/1
ip add yy.yy.128.193 255.255.255.224
no shut
exit
interface serial  0/1
encapslation ppp
ip unnumbered fa0/0
no shu
exit


R3
int fa0/0
ip add yy.yy.0.33 255.255.255.224
no shut
exit
int fa 0/1
ip add yy.yy.0.1 255.255.255.224
exit
int s0/1
encapslation ppp
ip unnumbered fa 0/1
clockrate 64000
no shut
exit


R4
int fa0/0
ip add yy.yy.128.130 255.255.255.224
no shut
exit
int fa0/1
ip add yy.yy.254.2 255.255.255.0
no shut
exit


R5
int fa0/0
ip add yy.yy.254.1 255.255.255.0
no shut
exit
int fa0/1
ip add yy.yy.0.130 255.255.255.224
no shut
exit




!!!2.1!!!
SW1
ip routing
router ospf yy
router-id yy.yy.7.7
network yy.yy.7.7 0.0.0.0 area 0
network yy.yy.128.98 0.0.0.0 area 0
network yy.yy.0.129 0.0.0.0 area 52
redisstribute connected subnets rroute-map bb1
default-information originate always
exit
route-map bb1 permit 10
match interface fa0/0

!!!K2!!!
default-information originate always-metric type route-map moren
redistribute connected route-map bb1 metreic-type 1
ip access-list standaard moren
permit 150.1.1.0 0.0.0.255
route-map moren
match ip add moren
!!!K2!!!




R1
router ospf yy
router-id yy.yy.1.1
network yy.yy.1.1 0.0.0.0 area 0
network yy.yy.0.65 0.0.0.0 area 0
network yy.yy.128.97 0.0.0.0 area 0


R3
router ospf yy
router-id yy.yy.3.3
network yy.yy.3.3 0.0.0.0 area 0
network yy.yy.0.1 0.0.0.0 area 1
network yyy.yy.33 0.0.0.0 are 1
exit

R2
router ospf yy
router-id yy.yy.2.2
network yy.yy.2.20.0.0.0 area 1
network yy.yy.128.225 0.0.0.0 area 1
network yy.yy.128.193 0.0.0.0 area 1
exit


SW3
ip routing
router ospf yy
router-id yy.yy.9.9
network yy.yy.9.9 0.0.0.0 area 1
networrk yy.yy.128.195 0.0.0.0 area 1
network 128.161 0.0.0.0 area 1
exit

SW4
ip routing
router ospf yy
router-id yy.yy.10.10
yy.yy.10.10 0.0.0.0 area 1
network yy.yy.10.10 0.0.0.0area 1
network yy.yy.128.194 0.0.0.0 area 1
network yy.yy.128.162 0.0.0.0 area 1
exit

SW2
ip routing
router ospf yy
router-id yy.yy.8.8
network yy.yy.8.8 0.0.0.0 area 1
network yy.yy.128.129 0.0.0.0 ara 1
network yy.yy.128.163 0.0.0.0 area 1
redisrtribuute connected route-map bb2
default-information originate always
exit
route-map bb2 permit 10
match interfce fa0/10
exit

!!!K2!!!
default-information originate always metric-type 1 route-map moren
redistirbute connected route-map bb2 metric-type 1
ip access-list standard moren
permit 150.2.1.0 0.0.0.255
route-map moren
match ip add moren
!!!K2!!!







!!!2.3!!!

R4
router eigrp yy
no auto-summary
network yy.yy.254.2 0.0.0.0
redistribute connected metric 10000 100 255 1 1500 route-map lo
exit
route-map loopback permit 10
match int lo 0
exit
exit
!!!K2!!!
router eigrp yy
no auto-summary
network yy.yy.254.2 0.0.0.0
net yy.yy.4.4 0.0.0.0
!!!K2!!!



R5
router eigrp yy
no auto-summary
network yy.yy.254.1 0.0.0.0
redistribute connected metric 10000 100 255 1 1500 route-map lo
exit
route-map loopback permit 10
match int lo 0
exit
exit
!!!K2!!!
router eigrp yy
no auto-summary
network yy.yy.254.1 0.0.0.0
net yy.yy.5.5 0.0.0.0
!!!K2!!!





SW3
router eigrp 100
no auto-summary
network 150.3.yy.1 0.0.0.0
eigrp stub receive-only
distribute-list rotue-map tag in vlan 33
exit
access-list 10 permit 0.0.0.0 127.255.255.255
route-map tag permit 10
match ip address 10
set tag 200
route-map tag permit 20
exit
router ospf yy
redistribute eigrp 100 subnets
summary-address 198.0.0.0 255.0.0.0
exit


!!!2.3!!!

R2
router bgp yy
no auto-summary
no syncronization
bgp router-id yy.yy.2.2
neighbor ibgp peer-group
neighbor ibgp remote-as yy
neighbor ibgp update-source lo 0
neighbor yy.yy.3.3 peer-group ibgp
neighbor yy.yy.7.7 peergrpup ibgp
neighbor yy.yy.8.8 peer-group ibgp
neighbor yy.yy.8.8 weight 100
exit

R3
router bgp yy
no auto-summary
nosyncronization
bgp rouer-id yy.yy.3.3
neighbor ibgp peer-group
neighbor ibgp remote-as yy
neighbor ibgp update-spource lo 0
neighbor yy.yy.2.2 peer-group ibgp
neighbor yy.yy.7.7 pee-group ibgp
neighbor yy..yy.8.8 peer-group ibgp
neighbor yy.yy.7.7 weight 100

SW1
router bgp yy
no auto summary
no syncronizationbgp router-id yy.yy.7.7
neighbor ibgp peer-group
ibgp remote-as y
neighbor ibgp update-source lo 0
neighbor yy.yy.2.2 peer-group ibgp
neighbor yy.yy.3.3 peer-group ibgp
neighbor yy.yy.8.8 peer-group ibgp
neighbor 150.1.yy.254 remoe-as 254




SW2
ip routeing
router bgp yy
no auto-summary
no syncronization
bgp router-id yy.yy.8.8
neighbor ibgp peer-group
neighbor ibgp remote-as yy
neighbot ibgp update-source lo 0
neighbor yy.yy.2.2 peer-group ibgp
neighbor yy.yy.7.7 peer-group ibgp
neighbor yy.yy.8.8 peer-group ibgp
neighbor 150.2.yy.254 route-map as in
exit
route-map as permit 10
set as-path prepend 253
exit
exit


!!!2.4MPLS!!!
R4
ip cef
mpls labelprotocol ldp
mpls ldp route0id lo 0 force
int fa0/1
mpls ip
exit
ip vrf vpn yy
vrf 100:1
route-target both 100:1
exit
interfce fa0/0
ip vrf forwarding vpn yy
ip address yy.yy.128.130 255.255.255.224
exit
router bgp 100
no auto-summary
no synchronization
bgp router-id yy.yy.4.4
neighbor  yy.yy.5.5 update-source lo 0
neighbor yy.yy.5.5 remote-as 100
address-family vpn 4
neighbor yy.yy.5.5 active
neighboryy.yy.5.5 send-community-extended
exit
no bgp defualt ipv4-unicast
address-family ipv4 vrf vpn VPNYY
redistribute ospf yyvrf vpn yy
exit
exit
router ospf yy vrf vpn yy
redistribute bgp 100 subnets
netwrpk yy.yy.128.130 0.0.0.0
exit



R5
ip cef
mpls label protocop ldp
mpls ldp router-id lo 0 force
int fa0/3
mpls ip
exit
ipvrf vpn yy
rd 100:1
rote-target both 100:1
exit
int fa0/1
ip vrf forwarding vrf vpn yy
ip add yy.yy.0.130 255.255.255.224
exit
router bgp 100
no auto sum
no sync
router-id yy.yy.5.5
neighbor yy.yy.4.4 remote-as 100
neighbor yy.yy.4.4 update-source lo 0
address-familyvpnv4
neighbor yy.yy.4.4activate
neighbor yy.yy.4.4 send-community extended
exit
no bgp default ipv4 unicast
addresfamily ipv4 vrf vpn yy
redistribute ospf yy vrf vpn yy
exit
exit
router ospf yy vrf vpn yy
router-sofp yy vrf vpn yy
router-id yy.yy.5.5
redistribute bgp 100 subnets
network yy.yy.0.130 0.0.0.0 area  51
area 51 virtual-link yy.yy.7.7
exit

SW1
roter ospf yy
are 51 virtual-link yy.yy.5.5
exit






!!!2.5!!!
R3
int tun 35
tunnel source lo 0
tunnel destination yy.yy.0.130
ip unnumberdrd fa0/0
ip ospf yy area 1
exit





R5
int tun 35
tunnel source fa0/1
tunnel destination yy.yy.3.3
ip vrf forawrding vpn yy
ip unnumberded fa0/1
ip ospf yy area 1
ip tunnel vrf vpn yy
exit


R4
int lo 0
ip vrf forwarding vpnyy
ip address yy.yy.100.4 255.255.255.255

R5
int lo 1
ip vrf forwarding vpn yy
ip address yy.yy.100.5 255.255.255.255
exit



R4
router bgp 100
address-family ipv4 vrf vpnyy
network yy.yy.100.4 mask 255.255.255.255
exit
!!!K2!!!
address-family vrf vpn 1
redistribute ospf 1 vrf vpn1 match int external
redistribute connected
default information originate
!!!K2!!!



R5
router bgp 100
address-family ipv4 vrf vpnyy
network yy.yy.100.5 mask 255.255.255.255
exit
!!!K2!!!
address-family vrf vpn 1
redistribute ospf 1 vrf vpn1 match int external
redistribute connected
default information originate
!!!K2!!!



!!!K2+のみ!!!
R4
router ospf yy vrf vpn yy
aea 1 sham-link yy.yy.100.5
exit

R5
router ospf yy vrf vpnyy
are 1 sham-link yy.yy.100.5 yy.yy.100.4
exit
!!!K2+のみ!!!


R2
ipv6 unicast routing
int fa0/1
ipv6 address 20yy:1010:10::2/24
exit
int fa0/0
ipv6 address 20yy:1010:10::2/64

SW3
sdm prefer dual ipv4-ipv6 routeing
int vlan 33
ipv6 address 20yy:1010:222::9/64
exit
intvlan 234
ipv6 address 20yy:1010:10::9/64
exit


R2
ipv6 router rip cisco
exit
intfa0/0
ipv6 rip cisco enable
exit
int fa0/1
ipv6 rip cisco enable
exit





SW3
ipv6 router rip cisco
exit
intvlan 33
ipv6 cisvco rip enable
exit
int vlan 234
ipv6 rip cisco enable
ipv6 rip cisco default-informatio originate metric 2
exit



!!!3.1!!!
SW2
ip multicust-routing
ip pim auto-rp listner
int vlan 243
ip igmp join-group 239.10.5.1
exit

SW3
ip multicast-routing
ip pim auto-rp-listner
in  lo 0
ip pim sparse-mode
exit
int vlan 243
ip pim sparse-mpde
exit
access-list 10 permit 239.10.5.0 0.0.0.355
ip pim send-rp-announce ki o scope 16 group-list 10

SW4
ip muilticast-routing
ip pim auto-rp listner
int lo 0
ip pim sparse-,oe
exiit
int vlan 234
ip pim sparse-mode


!!!3.2!!!
access-list 20 permit 239.10.5
1
int vlan 243
ip igmp access-group 20

SW3
access-list 20 permit 239.10.5.1
int vlan 243
ip igmp acccess-group 20
exit


SW4
access-list 20 permit 239.10.5.1
int vlan 243
ip igmp access-group 20




!!!K2のみ!!!
###3.2IPV4 SSM##
SW234
ip pim ssm range 5
access-list 5 permit 232.20.10.1

R2
ip multicast-routing
ip pim ssm range 5
access-list 5 permit 232.20.10.1
inter e0/1
ip pim sparse-mode
int e0/0
ip pim sparse-mode
ip igmp ver 3
ip pim v3 lite
ip urd



!!!4.1!!!
LinkFragMentation


R1
map-class frame-relay FRTS
frame-relay cir  128000
frame-relay bcc 8000
frame-relay be 1000
exit

int s0/1
bandwidth 128
frame-relay traffic-shaping
exit
int s0/1.221 point-to-point
bandwidth 128
frame-relay interfce-dlci 221 ppp virtual-template 1
cclass FRTS
exit
exit
interfce Virtual-templat 1
bandwidth 128
exit
multilink bandle-name endpoint
int multilink 1
bandwidth 128
ppp multilink
bandwidth 128
ppp multilink
bandwidth 128
ppp multilink fragment delay 8
ppp multilink interleave
ppp multilink endpoint hostnae
exit




R3
map-class frame relay FRTS
frame-relay cir 1280000
frame-relay bc 8000
frame-relay be 1000
exit
int s0/0
bandwidth 128
frame-relay traffic-shaping
exit
int s9/1.223 point-to-point
bandwidth 128
frame-relay interface-lci 221 ppp virtual-template 1
class FRTS
exit
exit
int virtual-template 1
bandwidth 128
multilink-bandle endpoint hostname
exit



!!!K2のみ!!!
###4.1LinkFragmentation##
###
R1
class-map voip
match ip precedence 5
match ip rtp 16384 16383

policy-map voip
class voip
priority percent 45
policy-map shape
class class-default
shape average 128000 8000 1000
service-policy voip
multilink bundle-name endpoint
int multilink 1
ip unnumberded lo 0
ppp multilink fragment delay 8
ppp multilink interleave
bandwidth 128
service-policy output shape
interface s0/0/0.13 point-to-point
frame-relay interface-dlci 231 ppp virtual-template 1
interface virtual-template 1
ppp multilink group 1

###
R3
class-map voip
match ip precedence 5
match ip rtp 16384 16383

policy-map voip
class voip
priority percent 45
policy-map shape
class class-default
shape average 128000 8000 1000
service-policy voip
multilink bundle-name endpoint
int multilink 1
ip unnumberded e0/0
ppp multilink fragment delay 8
ppp multilink interleave
bandwidth 128
service-policy output shape
interface s0/0/0.13 point-to-point
frame-relay interface-dlci 233 ppp virtual-template 1
interface virtual-template 1
ppp multilink group 1
###
!!!K2のみ!!!





!!!4.2MQC!!!
R1
access-list 100 permit udp any any precedence critical
class-map match-all voip
match access-group 100
exit
policy-map voip
priority 45
exit
class class-default
fair-queue
exit
exit
interface multilink 1
service-policy output voip
exit


R3
aces-list 100 permit udp any any precedence critical
class-map match-all voip
exit
policy-map voip
class voip
priority 45
exit
class class-default
fair-queue
exit
exitinterface multilink 1
service-poicy output oip
exit


!!!4.3NTP!!!
R5
clock set 8:00:00 1 JAN 2010
conf t
clock timezone HK+8
nep master 5
ntp source fa0/1
ntp server yy.yy.254.254
ntp acces-group peer 10
ntp access-group serve-only 20
ntp peer vrf VPNyy yy.yy.3.3 key 1
ntp peer vrf VPNyy yy.yy.8.8
ntp peer vrf VPNyy yy.yy.7.7
access-list 10 permit yy.yy.254.254
access-list 10 permit 127..127.7.1
access-list 20 permit yy.yyy.3.3
access-list permit yy.yy.7.7
access-list 20 permit yy.yy.8.8
ntp update-calennder
clck calnder-vlid
ntp uthenticate
ntp trust-key 1
ntp authentication-key 1 md5 cisco

R3
clock timezone HK+8
ntp authenticate
ntp authentication-key 1 md5 cisco
ntp trust-key 1
ntp server yy.yy.0130 key 1 source lo 0
ntp update-calender
clock time-zone HK+8
ntpserer yy.yy.0.130 lo 0


SW2
clodk timezone HK+(
ntp server yy.yy.0.130 source lo 0





!!!K2!!!
###4.2ntp###
R5
clock calendea-valid
ntp authentication-key 1 md5 cisco
ntp authenticate
ntp master 5
ntp source fa1/1
ntp access-group peer 1
ntp access-group serve-only 2
ntp update-calender

ntp peer vrf vpn 3 3.3.3.3 key 1
ntp peer vrf vpn 3 3.3.8.8
ntp peer vrf vpn 3 3.3.7.7
ntp server 3.3.254.254 source lo 0

access-list 2 permit 3.3.254.254
access-list 2 permit 127.127.7.1
access-list 1 permit 3.3.3.3
access-list 1 permit 3.3.7.7
access-list 1 permit 3.3.8.8
!!!K2!!!




R3
ntp authentication-key 1 md5 cisco
ntp authenticate
ntp trust-key 1
ntp server 1.1.0.130 key 1 source lo 0

SW1 2
ntp server 1.1.0.130 source lo 0




!!!4.3 Rsvp !!!!!!!!
R1
interface lo 0
ip rsvp bandwidth 64 64
exit
interface multilink 1
ip rsvp bandwidth 64 64
exit
ip rsvp reservation-host yy.yy.1.1 yy.yy.3.3 tp 23 10000 ff rate 10 1


R3
interface lo 0
ip rsvp bandwidth 64 64
exit
interfae multilinnk 1
ip rrsvp bandwidth 64 64
exit
ip rsvp sender-host yy.yy.1.1 yy.yy.3.3 23 10000 10 1


!!!4.4FirstHop redunndancy with Object Tracking!!!

SW3
track 10 ip route 0.0.0.0 0.0.0.0 reachability
interface vlan 234
sandby 1 ip yy.yy.128.96
standb 1 preempt
standby 1 track 10
standby 2 ip yy.yy.128.222
standby 2 priority 105
standby 2 preempt
standby 2 track
exit


SW4
track 10 ip rotue 0.0.0.0 reachability
interface vlan 234
standby 1 ip yy.yy.128.9
standby 1 pripority 105
standb 1 preempt
standby 1 track 10
standby 2 ip yy.yy.128.222
standby 2 track 10
exit




!!!MLS qos for Video!!!
SW4
mld qos
mps qos srr-queue output dscp-map queue 1 56
ip access-list extnded 100
permit ip host yy.yy.128.98 yy.yy.0.64 0.0.0.31
exit
clss-map match all voip
match access-group 100
exit
ms qos map policed-dscp 5 to 8
poliy-map policy
class voip
set ip dscp 56
police 300000 125000 exceeded-action police-dscp-trancemit
exit
exit
interface 0.6
service-policy input policy
mls qos cos 1
exit
interfce range fa0/19 - 24
mps qos trust dscp
mps qos cos 1
priority-queue out
exit



SW1
mls qos
ms qos srr-queue outout dscp-map queue 1 56
interface range fa019 - 24
mls qos trust dscp
mls qos cos 1
priority-queue out
exit



!!!K2のみ!!!
###4.4MHSRP###

SW3
int vlan 234
standby 1 ip 1.1.128.196
standby 1 preempt
standby 2 ip 1.1.128.222
standby 2 priority 105
standby 2 preempt
standby 2 track 10

rtr 10
type echo protocol ipicmpEcho 12.12.128.163

rtr schedule 10 start-time now
track 10 rtr/ipsla 10

SW4
int vlan 234
standby 1 ip 1.1.128.196
standby 1 priority 105
standby 1 preempt
standby 1 track 10
standby 2 ip 1.1.128.222
standby 2 preempt
rtr 10
type echo protocol ipicmpEcho 12.12.128.163
rtr schedule 10 start-time now


track 10 rtr/ipsla10
!!!K2のみ!!!




!!!5.1!!!


SW1
ip sla responder


SW2


SW2
mls qos
mos qos srr-queue output dscp-map queue 1 56
interface range fa0/19 - 24
mls qos trust dscp
mls qos cos
priority-queue out
int fa0/1
mls qos trust dscp
mps qos cos 1
priority-queue out
exit




!!!5.1 Ip Service Level Agreement!!!
SW1
ip spa responder

SW2
ip sa 1
tcp-connect yy.yy.7.7 23 source-ip yy.yy.8.
freuency 180
exit
ip sla 2
icmp-echo yy.yy.3.3 source-ip yy.yy.8.8
frquncy 180
exit
ip sla schedule 1 start-time now recuring
ip sla schedule 2 start-time now recuring


!!!5.2 SNMP !!!
R3
snmp-server communit public Ro
snmp-server community public ro
snmp community ciscoADMIN RW
snmp-server enable traps rsvp
snmp-server host yy.yy.128.336 public rsvp


SW2
snmp-server community public RO
snmp-server community ciscoADMIN RW
snmp-server user ciscoADMIN ciscoADMIN v1
snmp-server user ciscoADMIN ciscoADMIN v2c
snmp-server enable raps rtr
snmp-server host yy.yy.128.226 pubic rsvp



!!!5.2!!!
R3
snmp-server comunity public RO
snmp-server community ciscoADMIN RW
snmp-server enable trasps rsvp
enmp-server host yy.yy.128.226 public rsvp

SW2
snmp-server community public RO
snmp-server community public RO
snmp-server community ciscoADMIN RW
snmp-server user ciscoADMIN v1
snmp-server user ciscoADMIN v2c
snmp-server enable traps rtr
snmp-server host yy.yy.120.226 public rtr
ip sla reaction-configuration 1 react rtr threshold-type imediate action-type trapOnly
ip sla reaction-configuration 2 react rtr threshold imediate action-type traponly









###5.2snmp###K2のみ
snmp-server community public ro
snmp-server community ciscoADMIN rw
snmp-server enale traps rtr/ipsla
snmp-server hos yy.yy.128.226 public
ip sla monitor reaction-configration 1 react rtt threshold-value 40 2 0 threshold-type immediate action-type traponlyip


R3
snmo-server communitu public ro
snmo-server community ciscoADMIN rw
snmp-server host yy.yy.128.226 public
snmp-server enable traps osp cisco-specific state-change sham-link
snmp enable traps osp cisco-specific errors shamlink
snmp-server enable traps osp cisco-specific retransmit shamlink



R2
service timestamps debug datetime msec localtime

loggng count
logging buffered 100000 warnings
exception core-file rack12R2 compress
exception protocol ftp
exception dump 12.12.128.196
ip ftp username reload
ip fftp password cico
ip ftp passive
###5.2snmp###K2のみ




!!!5.3!!!
R2
logging on
servicetimestaumps log dateline msec localtime
service timestamps debug datetim msec localtime
logging count
logging buffered 100000 warnings
ip ftp username reload
ip ftp passwprd cisco
exception corefile RackyyR2 compress
exception protocol ftp
exception dump yy.yy.126.196

R4
extendded ip access-list copp_acl_atack
10 permit udp any any eq 1434
20 permit udp any any eq 1434 any
30 permit ip any any fragments
extended ip access-list copp_acl_bgp
10 permit tcp any eq bgp host 1.1.4.4
20 permit tcp any host 1.1.4.4 eq bgp=179

extended ip access-list copp_acl_ldp
10 permit tcp any host 1.1.4.4 eq 646
20 permit tcp any eq 646 host 1.1.4.4
30 permit udp any eq 646 host 224.0.0.2 eq 646
extended ip access-list copp_acl_mgmt
10 permit icmp any any
20 permit pim any any
extended ip access-list copp ospf

!!!5.4!!!

R4
mls qos
class map match-all telnet id3
matchaccess-group name copp_acl_telnet
class-map match-all attack
match access-group name copp_acl_attack
clas map match-all mgmt
match access-group name copp_acl_mgmt
class-map match-any class-default
match any

class map match-any ldp_bgp_ospf_eigrp id 1
match access-group name copp_acl_ldp
match access-group name copp_acl_bgp
match access-group name copp_acl_ospf
match access-group name copp_acl_eigrp
class-map match-all l2arp
match protocol arp
policy map police
class attack
policerate 10 pps burst 2 packet
conform-action drop
exceed-action drop
class ldp_bgp_ospf_eigrp
class telnet
poolicerate 100 pps burst 24 packets
conform action transmit
exceeded action trancemit
投稿者 時刻:

0 件のコメント:

コメントを投稿

登録: コメントの投稿 (Atom)