2012年1月11日水曜日
wnzhyfehxan
61.2 VLAN TRUNKwnzhyfehxan● Configure all inter-switch links to use an industry standard dot1qwnzhyfehxan● Set the VTP Domain to “CCIE”. SW1 should be server and rest Clients.wnzhyfehxan● Set vtp ver 2 and password “cisco” config vlan as following.wnzhyfehxanVLAN ID VLAN NAME Router I/F or Functional Portwnzhyfehxan11 VLAN_BB1 R3 Fa0/0 SW1 Fa0/10wnzhyfehxan22 VLAN_BB2 SW2 Fa0/10、R2 Fa0/1 wnzhyfehxan33 VLAN_BB3 SW3 Fa0/10wnzhyfehxan42 VLAN_B R2 Fa0/0wnzhyfehxan44 VLAN_C R4 Fa0/0wnzhyfehxan55 VLAN_E R5 Fa0/1wnzhyfehxan123 VLAN_123 wnzhyfehxan999 VLAN_999 Remote-spanwnzhyfehxanwnzhyfehxanSW1 / SW2 / SW3 / SW4wnzhyfehxanint f0/19 24wnzhyfehxansw trunk en downzhyfehxansw mo trunwnzhyfehxanvtp domain CCIEwnzhyfehxanvtp version CCIEwnzhyfehxanvtp pass ciscownzhyfehxanvtp mode server (SW1)wnzhyfehxanvtp mode client (SW2/SW3/SW4)wnzhyfehxanwnzhyfehxanSW1wnzhyfehxanint f0/10wnzhyfehxan sw mode accesswnzhyfehxan sw access vlan 11wnzhyfehxan span bgduf enablewnzhyfehxanint f0/1wnzhyfehxan no switchportwnzhyfehxan ip add 13.13.17.7 255.255.255.0wnzhyfehxanint f0/2wnzhyfehxan sw mode accesswnzhyfehxan sw access vlan 42wnzhyfehxanint f0/3wnzhyfehxan sw mode accesswnzhyfehxan sw access vlan 11wnzhyfehxanint f0/4wnzhyfehxansw mode accesswnzhyfehxan sw access vlan 44wnzhyfehxanwnzhyfehxanSW2wnzhyfehxanint f0/10wnzhyfehxan sw mode accesswnzhyfehxan sw access vlan 22wnzhyfehxan span bpduf enablewnzhyfehxanint f0/2wnzhyfehxan sw mode accesswnzhyfehxan sw access vlan 22wnzhyfehxanint f0/5wnzhyfehxan sw mode accesswnzhyfehxan sw access vlan 55wnzhyfehxanwnzhyfehxanSW3wnzhyfehxanint f0/10wnzhyfehxan sw mode accesswnzhyfehxan sw access vlan 33wnzhyfehxan span bpduf enablewnzhyfehxanwnzhyfehxan1.3 Implement Spanning-tree (STP)wnzhyfehxanconfigure the additional spaning-tree on SW1,SW2,SW3 and SW4 according to the following requirement.wnzhyfehxan・Configure VLANs for Backbone should be in instance 1 and,VLANs through your network shoule ve in instance 2, ALL other VLAN shoule ve in default spanning-tree instance.wnzhyfehxan・Ensure that SW1 must be the root for instance 1 with SW2 being rhe backup for instance 1wnzhyfehxan・Ensure that SW2 must be the root for instance 2 with SW1 being the backup for instance 2wnzhyfehxanwnzhyfehxanwnzhyfehxanSW1 / SW2 / SW3 / SW4wnzhyfehxanspanning-tree mode mstwnzhyfehxanspanning-tree mst conwnzhyfehxanname ciscownzhyfehxanreversion 1wnzhyfehxaninstance 1 vlan 11,22,33wnzhyfehxaninstance 2 vlan 42,44,55,123,999wnzhyfehxanwnzhyfehxanSW1wnzhyfehxanspanning mst 1 root priwnzhyfehxanspanning mst 2 root seconwnzhyfehxanwnzhyfehxanSW2wnzhyfehxanspanning mst 1 root seconwnzhyfehxanspanning mst 2 root priwnzhyfehxan(SW1-SW4)spanning mst max-age 30 wnzhyfehxan(SW2ミナフケ $チ ネXユ牀 杏Lヌ , SW1,SW2 ミナ $チ ネDヌ Hナ tユトウ エ抜タノ Uヨxヌtユ|ナ hユ )wnzhyfehxanwnzhyfehxan<Uヨxヌ> wnzhyfehxanRack13SW1#sh spanning-tree mst 1wnzhyfehxan##### MST1 vlans mapped: 11,22,33wnzhyfehxanBridge address 0013.c3d1.9b00 priority 24577 (24576 sysid 1)wnzhyfehxanRoot this switch for MST1wnzhyfehxanwnzhyfehxanInterface Role Sts Cost Prio.Nbr Typewnzhyfehxan---------------- ---- --- --------- -------- --------------------------------wnzhyfehxanFa0/3 Desg FWD 200000 128.5 Edge P2p wnzhyfehxanFa0/10 Desg FWD 200000 128.12 Edge P2p wnzhyfehxanFa0/19 Desg FWD 200000 128.21 P2p wnzhyfehxanFa0/20 Desg FWD 200000 128.22 P2p wnzhyfehxanFa0/21 Desg FWD 200000 128.23 P2p wnzhyfehxanFa0/22 Desg FWD 200000 128.24 P2p wnzhyfehxanFa0/23 Desg FWD 200000 128.25 P2p wnzhyfehxanFa0/24 Desg FWD 200000 128.26 P2pwnzhyfehxanwnzhyfehxanRack13SW2#sh spanning-tree mst 2wnzhyfehxan##### MST2 vlans mapped: 40,42,44,55,123wnzhyfehxanBridge address 0013.c3d1.3c00 priority 24578 (24576 sysid 2)wnzhyfehxanRoot this switch for MST2wnzhyfehxanwnzhyfehxanInterface Role Sts Cost Prio.Nbr Typewnzhyfehxan---------------- ---- --- --------- -------- --------------------------------wnzhyfehxanFa0/5 Desg FWD 200000 128.7 Edge P2p wnzhyfehxanFa0/19 Desg FWD 200000 128.21 P2p wnzhyfehxanFa0/20 Desg FWD 200000 128.22 P2p wnzhyfehxanFa0/21 Desg FWD 200000 128.23 P2p wnzhyfehxanFa0/22 Desg FWD 200000 128.24 P2p wnzhyfehxanFa0/23 Desg FWD 200000 128.25 P2p wnzhyfehxanFa0/24 Desg FWD 200000 128.26 P2pwnzhyfehxanwnzhyfehxanSW1 / SW2 / SW3 / SW4wnzhyfehxanspanning-tree portfast defaultwnzhyfehxanspanning-tree portfast bpduguard defaultwnzhyfehxanwnzhyfehxan<Uヨxヌ> wnzhyfehxanRack13SW1#show spanning-tree summarywnzhyfehxanRoot bridge for: MST1wnzhyfehxanExtended system ID is enabledwnzhyfehxanPortfast Default is enabledwnzhyfehxanPortFast BPDU Guard Default is enabledwnzhyfehxanPortfast BPDU Filter Default is disabledwnzhyfehxanLoopguard Default is disabledwnzhyfehxanEtherChannel misconfig guard is enabledwnzhyfehxanUplinkFast is disabledwnzhyfehxanBackboneFast is disabledwnzhyfehxanwnzhyfehxan1.4 Configure Additional Spanning-treewnzhyfehxanEnsure port f0/20 is forwarding rather than blocking for MST 1 on SW3.wnzhyfehxanEnsure port f0/20 is forwarding rather than blocking for MST 2 on SW4wnzhyfehxanYou cannot do any configuration on SW3wnzhyfehxanUse highest value to complete.wnzhyfehxanwnzhyfehxanSW1wnzhyfehxanint f0/19wnzhyfehxan spanning mst 1 port-priority 240wnzhyfehxanSW2wnzhyfehxanint f0/19wnzhyfehxan spanning mst 2 port-priority 240wnzhyfehxanwnzhyfehxanwnzhyfehxanwnzhyfehxanSW4wnzhyfehxanint f0/19wnzhyfehxan spanning mst 2 cost 200000000wnzhyfehxanwnzhyfehxan<Uヨxヌ> wnzhyfehxanRack13SW4#sh spanning-tree mst 2wnzhyfehxan##### MST2 vlans mapped: 40,42,44,55,123wnzhyfehxanBridge address 000f.238b.1180 priority 32770 (32768 sysid 2)wnzhyfehxanRoot address 0013.c3d1.3c00 priority 24578 (24576 sysid 2)wnzhyfehxan port Fa1/0/20 cost 200000 rem hops 19wnzhyfehxanwnzhyfehxanInterface Role Sts Cost Prio.Nbr Typewnzhyfehxan---------------- ---- --- --------- -------- --------------------------------wnzhyfehxanFa1/0/19 Altn BLK 200000000 128.21 P2p wnzhyfehxanFa1/0/20 Root FWD 200000 128.22 P2p wnzhyfehxanFa1/0/21 Altn BLK 200000 128.23 P2p wnzhyfehxanFa1/0/22 Altn BLK 200000 128.24 P2p wnzhyfehxanFa1/0/23 Desg BLK 200000 128.25 P2p wnzhyfehxanFa1/0/24 Desg BLK 200000 128.26 P2pwnzhyfehxanwnzhyfehxan1.5 Configure EtherChannelwnzhyfehxan● Configure the industry standard Etherchannel between SW1 & SW2.wnzhyfehxan● Configure proprietary Etherchannel between SW3 & SW4 SW1 & SW3 should actively negotiate and SW4 &wnzhyfehxan SW2 should only establish Etherchannel when requested.wnzhyfehxanwnzhyfehxanSW1wnzhyfehxanint range fa0/23 24wnzhyfehxan channel-pro lacpwnzhyfehxan channel-group 1 mode activewnzhyfehxanwnzhyfehxanwnzhyfehxanSW2wnzhyfehxanint range fa0/23 24wnzhyfehxanchannel-pro lacpwnzhyfehxan channel-group 1 mode passivewnzhyfehxanwnzhyfehxanSW3wnzhyfehxanint range fa0/23 24wnzhyfehxan channel-pro pagpwnzhyfehxan channel-group 1 mode desirablewnzhyfehxanwnzhyfehxanSW4wnzhyfehxanint range fa0/23 24wnzhyfehxanchannel-pro pagpwnzhyfehxan channel-group 1 mode autownzhyfehxanwnzhyfehxanwnzhyfehxan<Uヨxヌ> wnzhyfehxanRack13SW1#show etherchannel summary wnzhyfehxanFlags: D - down P - in port-channelwnzhyfehxan I - stand-alone s - suspendedwnzhyfehxan H - Hot-standby (LACP only)wnzhyfehxan R - Layer3 S - Layer2wnzhyfehxan U - in use f - failed to allocate aggregatorwnzhyfehxan u - unsuitable for bundlingwnzhyfehxan w - waiting to be aggregatedwnzhyfehxan d - default portwnzhyfehxanwnzhyfehxanwnzhyfehxanNumber of channel-groups in use: 1wnzhyfehxanNumber of aggregators: 1wnzhyfehxanwnzhyfehxanGroup Port-channel Protocol Portswnzhyfehxan------+-------------+-----------+-----------------------------------------------wnzhyfehxan1 Po1(SU) LACP Fa0/23(P) Fa0/24(P) wnzhyfehxanwnzhyfehxanwnzhyfehxan1.6 RSPANwnzhyfehxanConfigure port mirroring receive from BB1 traffic on SW1 as the sourcewnzhyfehxanConfigure port mirroring receive from BB2 traffic on SW2 as the sourcewnzhyfehxanUse remote vlan 999 for the destination for SW1 and SW2.wnzhyfehxanTraffic should be sent to SW4 f0/15.wnzhyfehxanSW4 monitor the traffic from SW3 send f0/16wnzhyfehxanwnzhyfehxanSW1wnzhyfehxanvlan 999wnzhyfehxanremote-spanwnzhyfehxanmonitor session 1 source vlan 11 rxwnzhyfehxanmonitor session 1 destination remote vlan 999wnzhyfehxanwnzhyfehxanSW2wnzhyfehxanmonitor session 1 source vlan 22 rxwnzhyfehxanmonitor session 1 destination remote vlan 999wnzhyfehxanwnzhyfehxanSW4wnzhyfehxanmonitor session 1 source remote vlan 999wnzhyfehxanmonitor session 1 destination interface Fa0/15wnzhyfehxanmonitor session 2 source interface port1 bothwnzhyfehxanmonitor session 2 destination interface Fa0/16wnzhyfehxanwnzhyfehxanwnzhyfehxan<Uヨxヌ> wnzhyfehxanRack13SW1#sh monitor wnzhyfehxanSession 1wnzhyfehxan---------wnzhyfehxanType : Remote Source SessionwnzhyfehxanSource VLANs :wnzhyfehxan RX Only : 11wnzhyfehxanDest RSPAN VLAN : 999wnzhyfehxanwnzhyfehxanRack13SW2#sh monitor wnzhyfehxanSession 1wnzhyfehxan---------wnzhyfehxanType : Remote Source SessionwnzhyfehxanSource VLANs :wnzhyfehxan RX Only : 22wnzhyfehxanDest RSPAN VLAN : 999wnzhyfehxanwnzhyfehxanwnzhyfehxanRack13SW4#sh monitor wnzhyfehxanSession 1wnzhyfehxan---------wnzhyfehxanType : Remote Destination SessionwnzhyfehxanSource RSPAN VLAN : 999wnzhyfehxanDestination Ports : Fa1/0/15wnzhyfehxan Encapsulation : Nativewnzhyfehxan Ingress : DisabledwnzhyfehxanwnzhyfehxanwnzhyfehxanSession 2wnzhyfehxan---------wnzhyfehxanType : Local SessionwnzhyfehxanSource Ports : wnzhyfehxan Both : Po1wnzhyfehxanDestination Ports : Fa1/0/16wnzhyfehxan Encapsulation : Nativewnzhyfehxan Ingress : DisabledwnzhyfehxanwnzhyfehxanON Sw1-SW4wnzhyfehxanint ran fa0/19 - 24wnzhyfehxanduplex-halfwnzhyfehxanwnzhyfehxan1.7 PPP CHAPwnzhyfehxanUse PPP chap on R4 for R1 R2, one way. wnzhyfehxanR1 R2 cannot use ppp chap hostname, they can use ppp chap password with CCIE.wnzhyfehxanUse AAA and configure radius server YY.YY.44.200 password CISCO, this server is inexistence. wnzhyfehxanMake sure AAA is not affection any vty and console login.wnzhyfehxanUse authentication default list onlywnzhyfehxanwnzhyfehxanR1/R2wnzhyfehxanint s2/0wnzhyfehxan enca pppwnzhyfehxan no peer neiwnzhyfehxan no shutwnzhyfehxanwnzhyfehxanR4wnzhyfehxanaaa new-modelwnzhyfehxanaaa authentication login default line nonewnzhyfehxanaaa authentication ppp default group radius local-case (PPP\ク $チ ネフケ Xユ牀 xヌ數 ネゥニ `ユ Lオ抜 default\ク ャタゥニXユ牀 杏Lヌ, \ニ ?? )wnzhyfehxanradius-server host 13.13.44.200 key CISCOwnzhyfehxanusername Rack13R1 password 0 CCIEwnzhyfehxanusername Rack13R2 password 0 CCIEwnzhyfehxanwnzhyfehxaninterface Serial1/0wnzhyfehxan ppp authentication chap wnzhyfehxanwnzhyfehxaninterface Serial1/1wnzhyfehxan ppp authentication chap wnzhyfehxanwnzhyfehxanwnzhyfehxanR1/R2wnzhyfehxaninterface Serial2/0wnzhyfehxan ppp chap password CCIEwnzhyfehxanwnzhyfehxanwnzhyfehxan1.8 Configure all necessary SVI’s on switches as per the L2 diagram.wnzhyfehxanConfigure all necessary SVI’s on switches as per the L2 diagram.wnzhyfehxanIf IP addresses are not specified, use any IP address from the same subnet.wnzhyfehxanDo not configure additional vlan’s.wnzhyfehxanwnzhyfehxanIt is already done in the basic config.wnzhyfehxanwnzhyfehxanSection 2 : Layer 3 Technologieswnzhyfehxan● After finishing each of the following questions, make sure that all configured interfaces and subnets areawnzhyfehxan consistently visible on all pertinent routers and switches.wnzhyfehxan● Do not redistribute between any interior gateway protocol(IGP) and Board Gateway Protocol(BGP).wnzhyfehxan● You need to ping a BGP route only if it is stated in a question, otherwise the route should be only in thewnzhyfehxan BGP table.wnzhyfehxan● At the end of section 2, all subnets in your topology, including the loopback interfaces, must be reachablewnzhyfehxan via ping. Therefore redistribute as you wish unless directly stated in a question.wnzhyfehxan The backbone interface must be reachable only if they are port of the solution to a question.wnzhyfehxan● The loopback interface can be seen as either /24 or /32 in the routing tables unless stated otherwise in awnzhyfehxan question.wnzhyfehxan● The loopback interface can be added into your IGP either via redistribution or added to a routing processwnzhyfehxan of your choice.wnzhyfehxanwnzhyfehxan2.1 Configure OSPF Area0, 142, 51 as diagramwnzhyfehxanUse any number for the process ID.wnzhyfehxanConfigure the Router ID to match Loopback 0wnzhyfehxanConfigure Area 0 between on the Ethernet segment shared by all switches.wnzhyfehxanif SW1 down SW2 should be the backup. (Use largest value)wnzhyfehxanConfigure OSPF AREA 142 between SW1-R1-R4-R2-SW4wnzhyfehxanConfigure OSPF AREA 51 between SW2-R5-R3wnzhyfehxanR4 can see three prefix from Backbone type OE2 in the routing tableswnzhyfehxanR1-R5 SW1-SW4wnzhyfehxanip cefwnzhyfehxanipv6 cefwnzhyfehxanwnzhyfehxanR1wnzhyfehxanrouter ospf 13wnzhyfehxan router-id 13.13.1.1wnzhyfehxan net 13.13.1.1 0.0.0.0 area 142wnzhyfehxan net 13.13.14.1 0.0.0.0 area 142wnzhyfehxan net 13.13.17.1 0.0.0.0 area 142wnzhyfehxanwnzhyfehxanR2wnzhyfehxanrouter ospf 13wnzhyfehxan router-id 13.13.2.2wnzhyfehxan net 13.13.2.2 0.0.0.0 area 142wnzhyfehxan net 13.13.24.2 0.0.0.0 area 142wnzhyfehxan net 13.13.29.2 0.0.0.0 area 142wnzhyfehxanwnzhyfehxanrouter ospf 13wnzhyfehxanredistribute connected subnets route-map BB1wnzhyfehxanroute-map BB1 permit 10wnzhyfehxan match interface FastEthernet0/1wnzhyfehxanwnzhyfehxanwnzhyfehxanR3wnzhyfehxanrouter ospf 13wnzhyfehxan router-id 13.13.3.3wnzhyfehxan net 13.13.3.3 0.0.0.0 area 51wnzhyfehxan net 13.13.35.3 0.0.0.0 area 51wnzhyfehxanwnzhyfehxanR4wnzhyfehxanrouter ospf 13wnzhyfehxan router-id 13.13.4.4wnzhyfehxan net 13.13.4.4 0.0.0.0 area 142wnzhyfehxan net 13.13.14.4 0.0.0.0 area 142wnzhyfehxan net 13.13.24.4 0.0.0.0 area 142wnzhyfehxannet 13.13.44.4 0.0.0.0 area 142wnzhyfehxannet 13.13.144.4 0.0.0.0 area 142wnzhyfehxanwnzhyfehxanR5wnzhyfehxanrouter ospf 13wnzhyfehxan router-id 13.13.5.5wnzhyfehxan net 13.13.5.5 0.0.0.0 area 51wnzhyfehxan net 13.13.35.5 0.0.0.0 area 51wnzhyfehxan net 13.13.58.5 0.0.0.0 area 51wnzhyfehxanwnzhyfehxanSW1wnzhyfehxanip routingwnzhyfehxanrouter ospf 13wnzhyfehxan router-id 13.13.7.7wnzhyfehxan net 13.13.7.7 0.0.0.0 area 0wnzhyfehxan net 13.13.17.7 0.0.0.0 area 142wnzhyfehxan net 13.13.123.7 0.0.0.0 area 0wnzhyfehxanwnzhyfehxanint vlan 123wnzhyfehxan ip ospf priority 255wnzhyfehxanwnzhyfehxanSW2wnzhyfehxanip routingwnzhyfehxanrouter ospf 13wnzhyfehxan router-id 13.13.8.8wnzhyfehxan net 13.13.8.8 0.0.0.0 area 0wnzhyfehxan net 13.13.58.8 0.0.0.0 area 51wnzhyfehxan net 13.13.123.8 0.0.0.0 area 0wnzhyfehxanwnzhyfehxanint vlan 123wnzhyfehxan ip ospf priority 254wnzhyfehxanwnzhyfehxanSW3wnzhyfehxanip routingwnzhyfehxanrouter ospf 13wnzhyfehxan router-id 13.13.9.9wnzhyfehxan net 13.13.9.9 0.0.0.0 area 0wnzhyfehxan net 13.13.123.9 0.0.0.0 area 0wnzhyfehxanwnzhyfehxanint vlan 123wnzhyfehxan ip ospf priority 0wnzhyfehxanwnzhyfehxanwnzhyfehxanSW4wnzhyfehxanip routingwnzhyfehxanrouter ospf 13wnzhyfehxan router-id 13.13.10.10wnzhyfehxan net 13.13.10.10 0.0.0.0 area 0wnzhyfehxan net 13.13.29.10 0.0.0.0 area 142wnzhyfehxan net 13.13.123.10 0.0.0.0 area 0wnzhyfehxanwnzhyfehxanint vlan 123wnzhyfehxan ip ospf priority 0wnzhyfehxanwnzhyfehxanwnzhyfehxan<Uヨxヌ> (R4 can see three prefix from Backbone type OE2 in the routing tables)wnzhyfehxanRack13R4#sh ip route | in 150wnzhyfehxan 150.1.0.0/24 is subnetted, 1 subnetswnzhyfehxanO E2 150.1.13.0 [110/20] via 13.13.24.2, 00:06:14, Serial1/1wnzhyfehxan 150.2.0.0/24 is subnetted, 1 subnetswnzhyfehxanO E2 150.2.13.0 [110/20] via 13.13.24.2, 00:00:37, Serial1/1wnzhyfehxan 150.3.0.0/24 is subnetted, 1 subnetswnzhyfehxanO E2 150.3.13.0 [110/20] via 13.13.24.2, 00:07:07, Serial1/1wnzhyfehxanwnzhyfehxan2.2 Implement IPv4 EIGRP.wnzhyfehxanConfigure EIGRP 100 on SW2.wnzhyfehxanDisable auto summary.wnzhyfehxanRedistribute EIGRP 100 into OSPF.wnzhyfehxanThe EIGRP routes should not be present in OSPF Area 51 but to Area 142,wnzhyfehxanSW2 should generate an inter-area default route.wnzhyfehxanwnzhyfehxanSW2wnzhyfehxanrouter eigrp 100wnzhyfehxan no auto-summarywnzhyfehxan net 150.3.13.0 0.0.0.255wnzhyfehxanwnzhyfehxanwnzhyfehxanrouter ospf 13wnzhyfehxan redistribute eigrp 100 subnetswnzhyfehxanarea 51 nssa no-redistribution no-summarywnzhyfehxanwnzhyfehxan<Uヨxヌ> wnzhyfehxanRack13R5#sh ip route wnzhyfehxanCodes: C - connected, S - static, R - RIP, M - mobile, B - BGPwnzhyfehxan D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area wnzhyfehxan N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2wnzhyfehxan E1 - OSPF external type 1, E2 - OSPF external type 2wnzhyfehxan i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2wnzhyfehxan ia - IS-IS inter area, * - candidate default, U - per-user static routewnzhyfehxan o - ODR, P - periodic downloaded static routewnzhyfehxanwnzhyfehxanGateway of last resort is 13.13.58.8 to network 0.0.0.0wnzhyfehxanwnzhyfehxan 13.0.0.0/8 is variably subnetted, 4 subnets, 2 maskswnzhyfehxanC 13.13.5.5/32 is directly connected, Loopback0wnzhyfehxanO 13.13.3.3/32 [110/65] via 13.13.35.3, 00:07:38, Serial1/1wnzhyfehxanC 13.13.35.0/24 is directly connected, Serial1/1wnzhyfehxanC 13.13.58.0/24 is directly connected, FastEthernet0/1wnzhyfehxanO*IA 0.0.0.0/0 [110/2] via 13.13.58.8, 00:00:25, FastEthernet0/1wnzhyfehxanwnzhyfehxanR3wnzhyfehxanrouter ospf 13wnzhyfehxan Area 51 nssawnzhyfehxanwnzhyfehxanR5wnzhyfehxanrouter ospf 13wnzhyfehxan Area 51 nssawnzhyfehxan2.3 implement RIP version 2wnzhyfehxan・configure RIP Version 2 (RIPv2)er the IGP topology diagramwnzhyfehxan・RIP updates should br advertise only out to the interface per the IGP topology diagramwnzhyfehxan・All Rip updates should be unicastwnzhyfehxan・The 16 routes from Backborn 3 is advertise to R3 Only 4 routes indicated on the below should be allowedwnzhyfehxan・You are allowed to use only one ACL line to accomplish this taskwnzhyfehxanN1 199.172.5.0wnzhyfehxanN1 199.172.7.0wnzhyfehxanN2 199.172.13.0wnzhyfehxanN2 199.172.15.0wnzhyfehxanwnzhyfehxanrouter ripwnzhyfehxanversion 2wnzhyfehxannetwork 150.1.0.0wnzhyfehxanpassive-interface default(いらんかも)wnzhyfehxanneighbor 150.1.13.254(いらんかも)wnzhyfehxandistribute-list 1 in fa0/0wnzhyfehxanno auto-summwnzhyfehxanaccess-list 1 permit 199.172.5.0 0.0.10.255wnzhyfehxanwnzhyfehxanwnzhyfehxanwnzhyfehxanwnzhyfehxan2.4 Implement RIP-OSPF Redistributewnzhyfehxan・Configure to redistribute RIP into OSPD area 51wnzhyfehxan・The routing table must be shown on R5 as the below tablewnzhyfehxan・The redistribute routes must be advertised to all routers in OSPFwnzhyfehxan・You are allowed to use only one ACL linte to accomplish this taskwnzhyfehxanwnzhyfehxanN1 X.X.5.0/24 [110/115]wnzhyfehxanN1 X.X.7.0/24 [110/115]wnzhyfehxanN2 X.X.13.0/24[110/30]wnzhyfehxanN2 X.X.15.0/24[110/30]wnzhyfehxanN2 X.X.13.0/24[110/30]wnzhyfehxanwnzhyfehxanwnzhyfehxanwnzhyfehxanrouter ospf 13wnzhyfehxan redistribute rip subnets route-map toospfwnzhyfehxanroute-map toospf permit 10wnzhyfehxan match ip address 2wnzhyfehxan set metric 50wnzhyfehxan set metric-type type-1wnzhyfehxanroute-map toospf permit 20wnzhyfehxan set metric 30wnzhyfehxan set metric-type type-2wnzhyfehxanaccess-list 2 permit 199.172.5.0 0.0.2.255wnzhyfehxanwnzhyfehxanwnzhyfehxan2.5 Implement IPv4 BGP.wnzhyfehxanConfigure one ibgp peering for R1,R2,R3,R5 in diagram except SW2.wnzhyfehxanPeer R2 with BB2. Configure community must have 254 208 104 for bgp route from BB3. wnzhyfehxanPeer R3 with BB1. Configure community must have 254 207 103 for bgp router from BB1 if physical links down, keep BGP peer connection also running on.wnzhyfehxanAll bgp route should prefer BB1 (even R2)wnzhyfehxanwnzhyfehxanR1 / R2 / R3 / R5wnzhyfehxanrouter bgp 13wnzhyfehxan no synchronizationwnzhyfehxanno auto-summarywnzhyfehxanbgp router-id 13.13.X.Xwnzhyfehxannei 13.13.8.8 remote 13wnzhyfehxannei 13.13.8.8 up lo 0wnzhyfehxannei 13.13.8.8 send-community (R2 R3 のみ)wnzhyfehxanwnzhyfehxanR3wnzhyfehxanrouter bgp 13wnzhyfehxan nei 150.1.13.254 remote 254wnzhyfehxan nei 150.1.13.254 route-map BB1 inwnzhyfehxanroute-map BB1wnzhyfehxan set local-pre 200wnzhyfehxan set community 104,208 additivewnzhyfehxanwnzhyfehxanR2wnzhyfehxanrouter bgp 13wnzhyfehxan nei 150.2.13.254 remote 254wnzhyfehxan nei 150.2.13.254 route-map BB2 inwnzhyfehxanroute-map BB2wnzhyfehxan set community 103,207 additivewnzhyfehxanwnzhyfehxanSW2wnzhyfehxanrouter bgp 13wnzhyfehxan no autownzhyfehxan no sywnzhyfehxan bgp router-id 13.13.8.8wnzhyfehxan nei 13.13.1.1 remote 13wnzhyfehxan nei 13.13.1.1 up lo 0wnzhyfehxan nei 13.13.1.1 route-relflectwnzhyfehxan nei 13.13.1.1 send-communitywnzhyfehxannei 13.13.2.2 remote 13wnzhyfehxan nei 13.13.2.2 up lo 0wnzhyfehxan nei 13.13.2.2 route-relflectwnzhyfehxan nei 13.13.2.2 send-communitywnzhyfehxannei 13.13.3.3 remote 13wnzhyfehxan nei 13.13.3.3 up lo 0wnzhyfehxan nei 13.13.3.3 route-relflectwnzhyfehxan nei 13.13.3.3 send-communitywnzhyfehxannei 13.13.5.5 remote 13wnzhyfehxan nei 13.13.5.5 up lo 0wnzhyfehxan nei 13.13.5.5 route-relflectwnzhyfehxan nei 13.13.5.5 send-communitywnzhyfehxanwnzhyfehxan<Uヨxヌ> wnzhyfehxanRack13R1#sh ip bgpwnzhyfehxanBGP table version is 11, local router ID is 13.13.1.1wnzhyfehxanStatus codes: s suppressed, d damped, h history, * valid, > best, i - internal,wnzhyfehxan r RIB-failure, S StalewnzhyfehxanOrigin codes: i - IGP, e - EGP, ? - incompletewnzhyfehxanwnzhyfehxan Network Next Hop Metric LocPrf Weight Pathwnzhyfehxan*>i197.68.1.0 150.1.13.254 0 200 0 254 253 iwnzhyfehxan*>i197.68.4.0 150.1.13.254 0 200 0 254 253 iwnzhyfehxan*>i197.68.5.0 150.1.13.254 0 200 0 254 253 iwnzhyfehxan*>i197.68.21.0 150.1.13.254 0 200 0 254 253 iwnzhyfehxan*>i197.68.22.0 150.1.13.254 0 200 0 254 253 iwnzhyfehxanwnzhyfehxanRack13R2#sh ip bgp wnzhyfehxanBGP table version is 11, local router ID is 13.13.2.2wnzhyfehxanStatus codes: s suppressed, d damped, h history, * valid, > best, i - internal,wnzhyfehxan r RIB-failure, S StalewnzhyfehxanOrigin codes: i - IGP, e - EGP, ? - incompletewnzhyfehxanwnzhyfehxan Network Next Hop Metric LocPrf Weight Pathwnzhyfehxan*>i197.68.1.0 150.1.13.254 0 200 0 254 253 iwnzhyfehxan* 150.2.13.254 0 0 254 iwnzhyfehxan*>i197.68.4.0 150.1.13.254 0 200 0 254 253 iwnzhyfehxan* 150.2.13.254 0 0 254 iwnzhyfehxan*>i197.68.5.0 150.1.13.254 0 200 0 254 253 iwnzhyfehxan* 150.2.13.254 0 0 254 iwnzhyfehxan*>i197.68.21.0 150.1.13.254 0 200 0 254 253 iwnzhyfehxan* 150.2.13.254 0 0 254 iwnzhyfehxan*>i197.68.22.0 150.1.13.254 0 200 0 254 253 iwnzhyfehxan* 150.2.13.254 0 0 254 iwnzhyfehxanwnzhyfehxanRack13R3#sh ip bgp wnzhyfehxanBGP table version is 6, local router ID is 13.13.3.3wnzhyfehxanStatus codes: s suppressed, d damped, h history, * valid, > best, i - internal,wnzhyfehxan r RIB-failure, S StalewnzhyfehxanOrigin codes: i - IGP, e - EGP, ? - incompletewnzhyfehxanwnzhyfehxan Network Next Hop Metric LocPrf Weight Pathwnzhyfehxan*> 197.68.1.0 150.1.13.254 0 200 0 254 253 iwnzhyfehxan*> 197.68.4.0 150.1.13.254 0 200 0 254 253 iwnzhyfehxan*> 197.68.5.0 150.1.13.254 0 200 0 254 253 iwnzhyfehxan*> 197.68.21.0 150.1.13.254 0 200 0 254 253 iwnzhyfehxan*> 197.68.22.0 150.1.13.254 0 200 0 254 253 iwnzhyfehxanwnzhyfehxan2.6 Implement IPv6.wnzhyfehxanUse any number for the process ID. wnzhyfehxanConfigure the Router ID to match Loopback 0. wnzhyfehxanConfigure Area 0 between on the Ethernet segment shared by all switches. wnzhyfehxanSW1 should control all routing, and SW2 should be the backup for area 0. (Use largest value) wnzhyfehxanSW3 and SW4 are not elected.wnzhyfehxanConfigure OSPF Area 142 between SW1-R1-R4-R2-SW4.wnzhyfehxanConfigure OSPF Area 51 between SW2-R5-R3.wnzhyfehxanSome ipv6 address is already configured.wnzhyfehxanThe ipv6 add prefix : fc01:cc1e:xy:z/64wnzhyfehxanwnzhyfehxan2.7 Implement IPv6 Filtering.wnzhyfehxanQuestion 1wnzhyfehxanAdd a Loopback 8 to SW2 with Global IPv6 Address and ospfv3 Area 0 have the route in OE2.wnzhyfehxanConfigure OSPF Filtering to allow SW2 Loopback 8 in Area 0 and 142 but not Area 51 wnzhyfehxanQuestion 2wnzhyfehxanAdd a Loopback 8 to SW2 with Global IPv6 Address and redistribute into OSPFv3 with OE2.wnzhyfehxanConfigure OSPF filtering to allow SW2 Loopback 8 in Area 0 to go into Area 51, but no Area 142.wnzhyfehxan2011:cc1e:88:88::88/128wnzhyfehxanwnzhyfehxanReduce link traffic, change icmp error message to 4 times a second.wnzhyfehxanSW1 Fa0/1 FC01:DB8:74:11::/64 V123 FC01:DB8:74:123::/64 wnzhyfehxanSW2 V55 FC01:DB8:74:52::/64 V123 FC01:DB8:74:123::/64 wnzhyfehxanSW3 V123 FC01:DB8:74:123::/64 wnzhyfehxanSW4 V42 FC01:DB8:74:24::/64 V123 FC01:DB8:74:123::/64 wnzhyfehxanwnzhyfehxanwnzhyfehxanR1wnzhyfehxanipv6 unicast-routingwnzhyfehxanipv6 icmp error-interval 250wnzhyfehxanwnzhyfehxanip cefwnzhyfehxanipv6 cefwnzhyfehxanwnzhyfehxanipv6 router ospf 13wnzhyfehxan router-id 13.13.1.1wnzhyfehxan area 142 nssawnzhyfehxanwnzhyfehxaninterface Serial0/1wnzhyfehxan ipv6 address FC01:DB8:74:14::/64 eui-64wnzhyfehxan ipv6 ospf 13 area 142wnzhyfehxanwnzhyfehxaninterface Fast0/0wnzhyfehxan ipv6 address FC01:DB8:74:11::/64 eui-64wnzhyfehxan ipv6 ospf 13 area 142wnzhyfehxanwnzhyfehxanR2wnzhyfehxanipv6 unicast-routingwnzhyfehxanipv6 icmp error-interval 250wnzhyfehxanwnzhyfehxanip cefwnzhyfehxanipv6 cefwnzhyfehxanwnzhyfehxanipv6 router ospf 13wnzhyfehxan router-id 13.13.2.2wnzhyfehxan area 142 nssawnzhyfehxanwnzhyfehxaninterface Serial0/1wnzhyfehxan ipv6 address FC01:DB8:74:42::/64 eui-64wnzhyfehxan ipv6 ospf 13 area 142wnzhyfehxanwnzhyfehxaninterface Fast0/0wnzhyfehxan ipv6 address FC01:DB8:74:24::/64 eui-64wnzhyfehxan ipv6 ospf 13 area 142wnzhyfehxanwnzhyfehxanR3wnzhyfehxanipv6 unicast-routingwnzhyfehxanipv6 icmp error-interval 250wnzhyfehxanwnzhyfehxanipv6 router ospf 13wnzhyfehxan router-id 13.13.3.3wnzhyfehxanwnzhyfehxaninterface Serial0/0wnzhyfehxan ipv6 address FC01:DB8:74:35::/64 eui-64wnzhyfehxan ipv6 ospf 13 area 51wnzhyfehxanwnzhyfehxanR4wnzhyfehxanipv6 unicast-routingwnzhyfehxanipv6 icmp error-interval 250wnzhyfehxanwnzhyfehxanip cefwnzhyfehxanipv6 cefwnzhyfehxanwnzhyfehxanipv6 router ospf 13wnzhyfehxan router-id 13.13.4.4wnzhyfehxan area 142 nssawnzhyfehxanwnzhyfehxaninterface Serial0/0wnzhyfehxan ipv6 address FC01:DB8:74:14::/64 eui-64wnzhyfehxan ipv6 ospf 13 area 142wnzhyfehxanwnzhyfehxaninterface Serial0/1wnzhyfehxan ipv6 address FC01:DB8:74:42::/64 eui-64wnzhyfehxan ipv6 ospf 13 area 142wnzhyfehxanwnzhyfehxanR5wnzhyfehxanipv6 unicast-routingwnzhyfehxanipv6 icmp error-interval 250wnzhyfehxanwnzhyfehxanipv6 router ospf 13wnzhyfehxan router-id 13.13.5.5wnzhyfehxanwnzhyfehxaninterface Serial0/1wnzhyfehxan ipv6 address FC01:DB8:74:35::/64 eui-64wnzhyfehxan ipv6 ospf 13 area 51wnzhyfehxanwnzhyfehxaninterface Fast0/0wnzhyfehxan ipv6 address FC01:DB8:74:52::/64 eui-64wnzhyfehxan ipv6 ospf 13 area 51wnzhyfehxanwnzhyfehxanSW1wnzhyfehxansdm prefer dual-ipv4-and-ipv6 default ------瑩 You need save and reloadwnzhyfehxanipv6 icmp error-interval 250wnzhyfehxanwnzhyfehxanip cefwnzhyfehxanipv6 cefwnzhyfehxanwnzhyfehxanipv6 router ospf 13wnzhyfehxan router-id 13.13.7.7wnzhyfehxan area 142 nssawnzhyfehxanwnzhyfehxanint fa0/1wnzhyfehxan ipv6 add FC01:DB8:74:11::/64 eui-64wnzhyfehxan ipv6 ospf 13 area 142wnzhyfehxanwnzhyfehxanint vlan 123wnzhyfehxan ipv6 add FC01:DB8:74:123::/64 eui-64wnzhyfehxan ipv6 ospf 13 area 0wnzhyfehxan ipv6 ospf priority 255wnzhyfehxanwnzhyfehxanSW2wnzhyfehxansdm prefer dual-ipv4-and-ipv6 default ------瑩 You need save and reloadwnzhyfehxanipv6 icmp error-interval 250wnzhyfehxanwnzhyfehxanipv6 router ospf 13wnzhyfehxan router-id 13.13.8.8wnzhyfehxan redistribute connected route-map loo8wnzhyfehxanwnzhyfehxanint vlan 55wnzhyfehxan ipv6 add FC01:DB8:74:52::/64 eui-64wnzhyfehxan ipv6 ospf 13 area 51wnzhyfehxanwnzhyfehxanint vlan 123wnzhyfehxan ipv6 add FC01:DB8:74:123::/64 eui-64wnzhyfehxan ipv6 ospf 13 area 0wnzhyfehxan ipv6 ospf priority 254wnzhyfehxanwnzhyfehxanint loo8wnzhyfehxan ipv6 add 2011:cc1e:88:88::88/128wnzhyfehxanwnzhyfehxanroute-map loo8 per 10wnzhyfehxan match int loo8wnzhyfehxanwnzhyfehxanSW3wnzhyfehxansdm prefer dual-ipv4-and-ipv6 default ------瑩 You need save and reloadwnzhyfehxanipv6 icmp error-interval 250wnzhyfehxanwnzhyfehxanipv6 router ospf 13wnzhyfehxan router-id 13.13.9.9wnzhyfehxanwnzhyfehxanint vlan 123wnzhyfehxan ipv6 add FC01:DB8:74:123::/64 eui-64wnzhyfehxan ipv6 ospf 13 area 0wnzhyfehxan ipv6 ospf priority 0wnzhyfehxanwnzhyfehxanSW4wnzhyfehxansdm prefer dual-ipv4-and-ipv6 default ------瑩 You need save and reloadwnzhyfehxanipv6 icmp error-interval 250wnzhyfehxanwnzhyfehxanip cefwnzhyfehxanipv6 cefwnzhyfehxanwnzhyfehxanipv6 router ospf 13wnzhyfehxan router-id 13.13.10.10wnzhyfehxan area 142 nssawnzhyfehxanwnzhyfehxanint vlan 42wnzhyfehxan ipv6 add FC01:DB8:74:24::/64 eui-64wnzhyfehxan ipv6 ospf 13 area 142wnzhyfehxanwnzhyfehxanint vlan 123wnzhyfehxan ipv6 add FC01:DB8:74:123::/64 eui-64wnzhyfehxan ipv6 ospf 13 area 0wnzhyfehxan ipv6 ospf priority 0wnzhyfehxanwnzhyfehxanwnzhyfehxan2.7 PFRwnzhyfehxan Configure OER between R1,R2 and R4 according ro the following requirements.wnzhyfehxan" Configure R4 as Master.wnzhyfehxan" Configure R1 and R2 as border routers.wnzhyfehxan" Ensure that PfR session area establishd using loopback0 interface onlywnzhyfehxan" Configure tunnel to have direct connecteivity between border routerswnzhyfehxan" A specific traffic(marked with DSCP"CS2")from VLAN_44 to VLAN_55 must be routed via R1wnzhyfehxan" Another traffic (marked with DSCP"CS4")from VLAN_44 to VLAN_55 must be routed via R2wnzhyfehxan" Use extended access-list with a single entry.wnzhyfehxan" if required by your solution,you may use any prefix that in not used in your topologywnzhyfehxanwnzhyfehxanwnzhyfehxanON R1wnzhyfehxankey chain KEYwnzhyfehxankey 1wnzhyfehxankey-string CISCOwnzhyfehxanwnzhyfehxanoer borderwnzhyfehxanlocal loopback0wnzhyfehxanmaster 12.12.4.4 key-chain KEYwnzhyfehxanwnzhyfehxaninterface Tunnel 1wnzhyfehxan ip add 12.12.YY.1 255.255.255.0wnzhyfehxan tunnel source loopback0wnzhyfehxan tunnel destination 12.12.2.2wnzhyfehxanwnzhyfehxanwnzhyfehxanwnzhyfehxanON R2wnzhyfehxankey chain KEYwnzhyfehxankey 1wnzhyfehxankey-string CISCOwnzhyfehxanwnzhyfehxanoer borderwnzhyfehxanlocal loopback0wnzhyfehxanmaster 12.12.4.4 key-chain CISCOwnzhyfehxanwnzhyfehxaninterface Tunnel 1wnzhyfehxan ip add 12.12.YY.2 255.255.255.0wnzhyfehxan tunnel source loopback0wnzhyfehxan tunnel destination 12.12.1.1wnzhyfehxanwnzhyfehxanwnzhyfehxanwnzhyfehxanOn R4wnzhyfehxankey chain KEYwnzhyfehxankey 1wnzhyfehxankey-string CISCOwnzhyfehxanoer master wnzhyfehxanPolicy-rules OERwnzhyfehxanborder 12.12.1.1 key-chain KEYwnzhyfehxaninterface Tunnel 1 internalwnzhyfehxaninterface s0/0/0 internalwnzhyfehxaninterface fa0/0 externalwnzhyfehxanlink-group R1wnzhyfehxanborder 12.12.2.2 key-chain KEYwnzhyfehxaninterface Tunnel1 internalwnzhyfehxaninterface fa0/0 externalwnzhyfehxaninterface serial 0/0/0 internalwnzhyfehxanlink-group R2wnzhyfehxanoer-map OER 10wnzhyfehxanmatch trafic-class access-list cs2wnzhyfehxanset link-group R1 fallbackR1wnzhyfehxanoer-map OER 20wnzhyfehxanmatch traffic class access-list cs4wnzhyfehxanset link-group R2 fallback R2wnzhyfehxanip access-list extended cs2wnzhyfehxanpermit ip 12.12.44.0 0.0.0.255 13.13.55.0 0.0.0.255 dscp cs2wnzhyfehxanip access-list extended cs4wnzhyfehxanpermit ip 12.12.44.0 0.0.0.255 12.12.55.0 0.0.0.255 dscp cs4wnzhyfehxanwnzhyfehxanwnzhyfehxanwnzhyfehxanwnzhyfehxanwnzhyfehxanwnzhyfehxan2.8 Optimized Edge Routing(OER) and Performance Routing(PFR)wnzhyfehxanwnzhyfehxanConfigure R4 to be the master controller and R1 and R2 to be the border routers.wnzhyfehxanThe OER implementation should be optimized such that when the packets with a DSCP CS4 is passing though the network,it is routerd out to R1 exit interface,from source vlan 44 to destination vlan 55wnzhyfehxanWhen dscp CS2 in passing through, it is routed out to R2 exit interface from source vlan 44 ro destination vlan 55wnzhyfehxanYou are allowed to create ACL but ouly one entry to accomplish this task. You are allowed to use any prefix-listwnzhyfehxanBecause of each border must be directly connected,You are allowed to use tunnel 1 and use any prefix except the diagram inusewnzhyfehxanuse active-prove onlywnzhyfehxanwnzhyfehxanwnzhyfehxanwnzhyfehxanON R4wnzhyfehxanip access-list extended VOICEwnzhyfehxanpermit udp 12.12.44.0 0.0.0.255 host 12.12.55.5 range 16384 32767 dscp efwnzhyfehxanoer-map OER 30wnzhyfehxanmatch ip add access-list VOICEwnzhyfehxanset delay threshold 40wnzhyfehxanset active-prove jitter 12.12.55.5 target-port (16385) it should be in between range of ACLwnzhyfehxanwnzhyfehxanset mode monitor fastwnzhyfehxanset mode route controlwnzhyfehxanset jitter threshold 5wnzhyfehxanset probe frequency 2 (default is 4 use monitr fast command to reduce it to 2)wnzhyfehxanwnzhyfehxanwnzhyfehxanOnR5wnzhyfehxanip sla responderwnzhyfehxanwnzhyfehxan2.10 Netflow Data Export.wnzhyfehxanConfigure Netflow on R1 for IPv6 traffic send to x.x.55.100 with port 9876 every 2 mins aggregate flow cache entry 20000, inactive for 3 mins. ()シ幣2, カ抜 3Dヌ 範慘)wnzhyfehxanwnzhyfehxanR1wnzhyfehxanipv6 cefwnzhyfehxanipv6 flow-cache timeout inactive 180wnzhyfehxanipv6 flow-export source loopback0wnzhyfehxanipv6 flow-export template timeout rate 2wnzhyfehxanipv6 flow-export destination yy.yy.55.100 9876wnzhyfehxanipv6 flow-aggregation cache protocol-portwnzhyfehxancache entries 20000 -wnzhyfehxancache inactive timeout 180wnzhyfehxanexport version 9 wnzhyfehxanwnzhyfehxaninterface f0/0wnzhyfehxan ipv6 flow egresswnzhyfehxanwnzhyfehxan<)シ幣2>wnzhyfehxan` ipv6 flow-export version 9wnzhyfehxan ipv6 flow-export destination YY.YY.44.100 9876wnzhyfehxan ipv6 flow-export template timeout 2wnzhyfehxan ipv6 flow-export template options export-stats wnzhyfehxan ipv6 flow-export source loopback0wnzhyfehxan ipv6 flow-aggregation cache protocol-portwnzhyfehxan cache entries 20000wnzhyfehxan cache timeout inactive 180wnzhyfehxan !wnzhyfehxan interface GigabitEthernet0/0wnzhyfehxan ipv6 flow egresswnzhyfehxanwnzhyfehxan<)シ幣3>wnzhyfehxanipv6 cefwnzhyfehxanipv6 flow-export version 9wnzhyfehxanipv6 flow-export destination YY.YY.44.100 9876wnzhyfehxanipv6 flow-export source loopback0wnzhyfehxanipv6 flow-export temp time 2wnzhyfehxanipv6 flow-aggregation cache protocol-portwnzhyfehxancache entries 20000wnzhyfehxancache timeout inactive 180wnzhyfehxanwnzhyfehxaninterface GigabitEthernet0/0wnzhyfehxanipv6 flow egresswnzhyfehxanwnzhyfehxanwnzhyfehxan<Uヨxヌ> wnzhyfehxanRack13R1#sh ipv6 flow export template wnzhyfehxan Template Options Flag = 0wnzhyfehxan Total number of Templates added = 1wnzhyfehxan Total active Templates = 1wnzhyfehxan Flow Templates active = 1wnzhyfehxan Flow Templates added = 1wnzhyfehxan Option Templates active = 0wnzhyfehxan Option Templates added = 0wnzhyfehxan Template ager polls = 40wnzhyfehxan Option Template ager polls = 0wnzhyfehxanMain cache version 9 export is enabledwnzhyfehxan Template export informationwnzhyfehxan Template timeout = 2wnzhyfehxan Template refresh rate = 20wnzhyfehxan Option export informationwnzhyfehxan Option timeout = 30wnzhyfehxan Option refresh rate = 20wnzhyfehxanwnzhyfehxanRack13R1#sh ipv6 flow cache aggregation protocol-port wnzhyfehxanIP Flow Switching Cache, 0 byteswnzhyfehxan 0 active, 0 inactive, 0 addedwnzhyfehxan 0 ager polls, 0 flow alloc failureswnzhyfehxan Active flows timeout in 30 minuteswnzhyfehxan Inactive flows timeout in 180 secondswnzhyfehxanwnzhyfehxanwnzhyfehxanSection 3 : IP Multicastwnzhyfehxanwnzhyfehxan3.1 IPv4 Multicast.wnzhyfehxan● Enable multicasting with PIM-SM between area 142 and area 0.wnzhyfehxan● Use a non-cisco proprietary based on the method to send RP information to the other routers joined inwnzhyfehxan multicast routing.wnzhyfehxan● Configure R1 and R2 loopback 0 to be rendezvous point (RP)wnzhyfehxan● Ensure that R1 should be the preferred RP rather than R2wnzhyfehxan● Configure from backbone3 in SW3 as a receiver for the multicast group 239.YY.YY.1wnzhyfehxan● Make sure R4 f0/0 is able to ping this multicast IPwnzhyfehxanwnzhyfehxanR1wnzhyfehxanip multicast-routingwnzhyfehxanwnzhyfehxanint lo 0wnzhyfehxan ip pim sparse-modewnzhyfehxanint s0/1wnzhyfehxan ip pim sparse-modewnzhyfehxanint f0/0wnzhyfehxan ip pim sparse-modewnzhyfehxanwnzhyfehxanip pim bsr-candidate loopback0 0wnzhyfehxanip pim rp-candidate loopback0wnzhyfehxanwnzhyfehxanR2wnzhyfehxanip multicast-routingwnzhyfehxanwnzhyfehxanint lo 0wnzhyfehxan ip pim sparse-modewnzhyfehxanint s0/1wnzhyfehxan ip pim sparse-modewnzhyfehxanint f0/0wnzhyfehxan ip pim sparse-modewnzhyfehxanwnzhyfehxanip pim bsr-candidate loopback0 0wnzhyfehxanip pim rp-candidate loopback0 priority 1wnzhyfehxanwnzhyfehxanR4wnzhyfehxanip multicast-routingwnzhyfehxanwnzhyfehxanint lo 0wnzhyfehxan ip pim sparse-modewnzhyfehxanint s0/0wnzhyfehxan ip pim sparse-modewnzhyfehxanint s0/1wnzhyfehxan ip pim sparse-modewnzhyfehxanint f0/0wnzhyfehxan ip pim sparse-modewnzhyfehxanwnzhyfehxanSW1wnzhyfehxanip multicast-routingwnzhyfehxanwnzhyfehxanint lo 0wnzhyfehxan ip pim sparse-modewnzhyfehxanint f0/1wnzhyfehxan ip pim sparse-modewnzhyfehxanint vlan 123wnzhyfehxan ip pim sparse-modewnzhyfehxanwnzhyfehxanSW2wnzhyfehxanip multicast-routingwnzhyfehxanwnzhyfehxanint lo 0wnzhyfehxan ip pim sparse-modewnzhyfehxanint vlan 123wnzhyfehxan ip pim sparse-modewnzhyfehxanint vlan 33wnzhyfehxan ip igmp join-group 239.YY.YY.1wnzhyfehxanwnzhyfehxanSW3wnzhyfehxanip multicast-routingwnzhyfehxanwnzhyfehxanint lo 0wnzhyfehxan ip pim sparse-modewnzhyfehxanint vlan 123wnzhyfehxan ip pim sparse-modewnzhyfehxanwnzhyfehxanSW4wnzhyfehxanip multicast-routingwnzhyfehxanwnzhyfehxanint lo 0wnzhyfehxan ip pim sparse-modewnzhyfehxanwnzhyfehxanint vlan 42wnzhyfehxan ip pim sparse-modewnzhyfehxanwnzhyfehxanint vlan 123wnzhyfehxan ip pim sparse-modewnzhyfehxanwnzhyfehxanNOTE : wnzhyfehxanSpecifies the priority of the C-RP. Range is from 0 to 255. The default priority value is 0.wnzhyfehxanThe BSR C-RP with the lowest priority value is preferred.wnzhyfehxanwnzhyfehxan<Uヨxヌ> wnzhyfehxanRack13R4#p 239.13.13.1wnzhyfehxanwnzhyfehxanType escape sequence to abort.wnzhyfehxanSending 1, 100-byte ICMP Echos to 239.13.13.1, timeout is 2 seconds:wnzhyfehxanwnzhyfehxanReply to request 0 from 13.13.123.8, 12 mswnzhyfehxanReply to request 0 from 13.13.123.8, 16 mswnzhyfehxanwnzhyfehxanRack13R4#sh ip pim rpwnzhyfehxanGroup: 239.13.13.1, RP: 13.13.1.1, v2, uptime 00:05:36, expires 00:02:08wnzhyfehxanwnzhyfehxanwnzhyfehxanRack13R1#sh ip pim rp mapping wnzhyfehxanPIM Group-to-RP MappingswnzhyfehxanThis system is a candidate RP (v2)wnzhyfehxanwnzhyfehxanGroup(s) 224.0.0.0/4wnzhyfehxan RP 13.13.1.1 (?), v2wnzhyfehxan Info source: 13.13.2.2 (?), via bootstrap, priority 0, holdtime 150wnzhyfehxan Uptime: 00:08:49, expires: 00:01:59wnzhyfehxan RP 13.13.2.2 (?), v2wnzhyfehxan Info source: 13.13.2.2 (?), via bootstrap, priority 1, holdtime 150wnzhyfehxan Uptime: 00:06:32, expires: 00:01:57wnzhyfehxanwnzhyfehxan3.2 PIM TuningwnzhyfehxanEnsure PIM register message should reach RP via SW1.wnzhyfehxanIf SW1 goes down, PIM register messages should reach RP via one of the switches in area 0wnzhyfehxanwnzhyfehxanSW1とSW4wnzhyfehxanint vlan 123wnzhyfehxan ip pim dr-priority 429467290wnzhyfehxanwnzhyfehxanwnzhyfehxanwnzhyfehxanSection 4 : Advanced Serviceswnzhyfehxanwnzhyfehxan4.1 Network Address Translation (NAT).wnzhyfehxanYou are required to implement NAT.wnzhyfehxanYou need to match the output in the screenshots provided.wnzhyfehxanScreenshot :wnzhyfehxanScreenshot 1 indicated NAT is to be implemented on R4, with nat translations showing SW1 is pinging SW4.wnzhyfehxanScreenshot 2 indicates SW1 pinging 100.100.29.10 with lo100 ip 100.100.17.7wnzhyfehxanScreenshot 3 indicates SW4 pinging 100.100.17.7 with lo100 ip 100.100.29.10wnzhyfehxanwnzhyfehxanNote : You are allowed to add 1 static route on a maximum of 4 devices.wnzhyfehxanwnzhyfehxanNAT do not propagate any prefix from the network 100.0.0.0/8 in any routing protocol you are allowed to add one/24 static in to four devices do not add any static route in R4wnzhyfehxanwnzhyfehxanSW1wnzhyfehxaninterface loopback 100wnzhyfehxan ip add 13.13.100.1 255.255.255.255wnzhyfehxanwnzhyfehxanip route 13.13.200.4 255.255.255.255 13.13.17.1wnzhyfehxanwnzhyfehxanR1wnzhyfehxanip route 13.13.200.4 255.255.255.255 13.13.14.4wnzhyfehxanwnzhyfehxanSW4wnzhyfehxaninterface loopback 100wnzhyfehxan ip add 13.13.200.4 255.255.255.255wnzhyfehxanwnzhyfehxanip route 13.13.100.1 255.255.255.255 13.13.29.2wnzhyfehxanwnzhyfehxanR2wnzhyfehxanip route 13.13.100.1 255.255.255.255 13.13.24.4wnzhyfehxanwnzhyfehxanR4wnzhyfehxaninterface s1/0wnzhyfehxan ip nat outsidewnzhyfehxaninterface s1/1wnzhyfehxan ip nat outsidewnzhyfehxanip nat inside source static 13.13.17.7 13.13.100.1wnzhyfehxanip nat inside source static 13.13.29.10 13.13.200.4wnzhyfehxanwnzhyfehxanwnzhyfehxanRack13R4#sh ip nat translations wnzhyfehxanPro Inside global Inside local Outside local Outside globalwnzhyfehxan--- 13.13.100.1 13.13.17.7 --- ---wnzhyfehxan--- 13.13.200.4 13.13.29.10 --- ---wnzhyfehxanwnzhyfehxanRack13SW1#ping 13.13.200.4 source lo 100wnzhyfehxanRack13SW4#ping 13.13.100.1 source lo 100 wnzhyfehxanwnzhyfehxanRack13R4#sh ip nat translations wnzhyfehxanPro Inside global Inside local Outside local Outside globalwnzhyfehxanicmp 13.13.100.1:1 13.13.17.7:1 13.13.29.10:1 13.13.29.10:1wnzhyfehxanicmp 13.13.100.1:1 13.13.17.7:1 13.13.200.4:1 13.13.200.4:1wnzhyfehxan--- 13.13.100.1 13.13.17.7 --- ---wnzhyfehxanicmp 13.13.200.4:1 13.13.29.10:1 13.13.17.7:1 13.13.17.7:1wnzhyfehxanicmp 13.13.200.4:1 13.13.29.10:1 13.13.100.1:1 13.13.100.1:1wnzhyfehxan--- 13.13.200.4 13.13.29.10wnzhyfehxanwnzhyfehxan4.2 MLS QoS.wnzhyfehxanMake sure that port SW1 f0/1 to f0/5 are making all untagged packets to “COS” 1amd for VOICE Packets to COS5wnzhyfehxanMake sure that these ports are trusting the cos value if packet are already maked.wnzhyfehxanEnsure that all switches are queuing packet marked witch “COS 1”, in the ingress gueue#1wnzhyfehxanEnsure that all switches are queuing packet marked witch “COS 5”, in the ingress gueue#2wnzhyfehxanEnsure that all switch drop ingress traffic marked witch “COS” 1 when the respective ingress queue level is between 40 and 100 persentwnzhyfehxanEnsure that all switch drop ingress traffic marked witch “COS” 5 in ingress until the respective ingress queue in completely fullwnzhyfehxanOnce you complateed this task,only one entry should beshown when taking the outputwnzhyfehxanwnzhyfehxanSW1 / SW2 / SW3 / SW4wnzhyfehxanmls qoswnzhyfehxanmls qos srr-queue input threshold 1 40 100wnzhyfehxanwnzhyfehxanSW1orSW3wnzhyfehxaninterface range f0/1 5wnzhyfehxan mls qos cos 1wnzhyfehxan mls qos trust coswnzhyfehxanwnzhyfehxanwnzhyfehxanshow mls qos input-queuewnzhyfehxanshow mls qos maps cos-input-qwnzhyfehxanwnzhyfehxan4.3 QoS Class Based Weighted Fair Queuing (CBWFQ).wnzhyfehxanThe IT administrator requires that you implement QoS.wnzhyfehxanTraffic from bb2 need to limit to 10000kbit R2 g0/0.wnzhyfehxanTraffic from bb1 need to limit to 1000kbit R3 s0/0/0.wnzhyfehxanThis will not affect any other traffic.wnzhyfehxanwnzhyfehxanR2wnzhyfehxanclass-map BB2wnzhyfehxan match input interface f0/1wnzhyfehxanpolicy-map Qwnzhyfehxan class BB2wnzhyfehxan bandwidth 10000wnzhyfehxaninterface f0/0wnzhyfehxan service-policy output QwnzhyfehxanwnzhyfehxanR3wnzhyfehxanclass-map BB1wnzhyfehxan match input interface f0/0wnzhyfehxanpolicy-map Qwnzhyfehxan class BB1wnzhyfehxan bandwidth 1000wnzhyfehxaninterface s0/0/0wnzhyfehxan service-policy output Qwnzhyfehxanwnzhyfehxan4.4 Web Cashing System (WCCP).wnzhyfehxanThe IT department wants to implement a web-caching solution in neer futurewnzhyfehxan・This should be implemented on R4. wnzhyfehxan・R4 f0/1 connected to Web Server and fa0/0 connected client.wnzhyfehxan・service number 61 and 62 must be used to implement the task.wnzhyfehxan・Use service number 61 for traffic from server to client and service number 62 for traffic from client to server. wnzhyfehxan・traffic from R4 f0/0 to s0/0 or s0/1 need to redirect to f0/1.wnzhyfehxan・You are not allow to change any configuration on f0/0wnzhyfehxanwnzhyfehxanR4wnzhyfehxanip wccp 61wnzhyfehxanip wccp 62wnzhyfehxanip access-list extended STCwnzhyfehxanpermit ip any 13.13.44.0 0.0.0.255wnzhyfehxanip wccp 61 redirect-list STCwnzhyfehxanip access-list extended CTSwnzhyfehxanpermit ip 13.13.44.0 0.0.0.255 anywnzhyfehxanip wccp 62 redirect-list CTSwnzhyfehxaninterface s0/0/0wnzhyfehxanip wccp redirect outwnzhyfehxaninterface s0/0/1wnzhyfehxanip wccp 62 redirect outwnzhyfehxanintface fa0/1wnzhyfehxanip eccp redirect exclude inwnzhyfehxanwnzhyfehxan4.5 Use most secure connection for ospf area 0 with key Cisco. Cannot configure on router configure mode.wnzhyfehxanSecure the ospf Area0 according to the following requirementwnzhyfehxan・Use the strongest authentication typewnzhyfehxan・The password must be saved in clear in the config and must be see to "Cisco"(without quotes)wnzhyfehxan・you are not allowed to use any commands under the router configuration mode to accomplish this taskwnzhyfehxanwnzhyfehxanSW1 / SW2 / SW3 / SW4wnzhyfehxanint vlan 123wnzhyfehxanip ospf authentication message-digest-key 1 md5 Ciscownzhyfehxan ip ospf authentication message-digestwnzhyfehxan no service password-encriptionwnzhyfehxanwnzhyfehxanwnzhyfehxan4.6 DHCP.wnzhyfehxanThere is a DHCP server for vlan 44 on R4 f0/0.wnzhyfehxanYour task is to complete the DHCP configuration on R4 and SW1, R4 is the only one device which could provide DHCP service.wnzhyfehxanAt some point in the future, a printer will be added with mac address ABCD.ABCD.ABCD connect to SW1 f0/14.wnzhyfehxanEnsure that the printer always get the ip YY.YY.44.100 and can user after reboot, use flash:ccie.txt.wnzhyfehxanDisable the function to remove option 82.wnzhyfehxanwnzhyfehxanNote : R4 has full pre-configwnzhyfehxanwnzhyfehxanR4wnzhyfehxanip dhcp excluded-address 12.12.44.4wnzhyfehxanip dhcp excluded-address 12.12.44.200wnzhyfehxanip dhcp excluded-address 12.12.44.45wnzhyfehxanserveice dhcpwnzhyfehxanip dhcp poolwnzhyfehxannetwork 13.13.44.0/24wnzhyfehxandns-server 13.13.44.50 13.13.44.51wnzhyfehxandomain-name cisco.comwnzhyfehxandefault-router 13.13.44.4wnzhyfehxanwnzhyfehxanOnSW1wnzhyfehxanint fa0/14wnzhyfehxanswi acce vlan 44wnzhyfehxanswi mode accewnzhyfehxanwnzhyfehxan4.7 DHCP Security, Dynamic ARP Inspection (DAI).wnzhyfehxan4.7 DHCP Security, Dynamic ARP Inspection (DAI).wnzhyfehxanThe IP defatymrny id worried about DHCP security and invalid ARP /spoofed packets.wnzhyfehxanYou are required to implement a dynamic solution that will counter against an inbalidwnzhyfehxanspoofed DHCP request and arp packets on SW1 fa0/14 needs to secure the connection wnzhyfehxan・allow max 3 connectionwnzhyfehxan・use /flash:CCIE.TXT filewnzhyfehxan・The connection will be exceeded exceedeng the connection will shutdown the portwnzhyfehxan・R4 should be secured form SW1 attackwnzhyfehxan・Disable the switch to insert and to remove DHCP erlay information (option 82 field)wnzhyfehxan・The priinter is able to connect to the port and get the ip address on any timewnzhyfehxanwnzhyfehxanwnzhyfehxanwnzhyfehxanwnzhyfehxanwnzhyfehxanSW1wnzhyfehxanno ip dhcp snooping information optionwnzhyfehxanip dhcp snoopingwnzhyfehxanip dhcp snooping vlan 44wnzhyfehxanip dhcp snooping database flash:CCIE.TXTwnzhyfehxanip arp inspection vlan 44wnzhyfehxanint fa0/4wnzhyfehxanip dhcp snooping trustwnzhyfehxanip arp inspection trustwnzhyfehxanip source binding abcd.abcd.abcd vlan 44 66.66.44.45 interface fa0/14wnzhyfehxanint fa0/14wnzhyfehxanip verify sourcewnzhyfehxanswi port-securitywnzhyfehxanswi port-security maximum 3wnzhyfehxanswi poert-security violation shutwnzhyfehxanwnzhyfehxanwnzhyfehxanSection 5 : Optimize the Networkwnzhyfehxanwnzhyfehxan5.1 Imprelent SNMPwnzhyfehxanconfigure SNMP on R4 according to following requirementwnzhyfehxanThe NMS systen is located at 12.12.55.13wnzhyfehxanBGP traps shoule be sent to the NMS system using the community string"ciscoworks"wnzhyfehxanDevice having community "ciscoworks"should habe capability to change SNMP MIBs in R4wnzhyfehxanwnzhyfehxanon R4wnzhyfehxanaccess-list 5 permit host 12.12.55.13wnzhyfehxansnmp-server community ciscoworks rw 5wnzhyfehxansnmp-server enable trap BGPwnzhyfehxansnmp-server host 12,12,44,13 ciscoworks bgpwnzhyfehxanwnzhyfehxanwnzhyfehxan5.2Embedded Event Managerwnzhyfehxanconfigure event manager applets on R4 accourding to the following requirementswnzhyfehxan・EEM an applet name "Conf_Change"wnzhyfehxan・EEM applet needs to write the date and time to a file saves in flash(flash://wr_log.txt)or(flash://conf.txt)wnzhyfehxan・EEM applet needs to activate every time someone make changes to the runnning config.wnzhyfehxan・String to be generated "configuration has been changed"wnzhyfehxanwnzhyfehxanR4wnzhyfehxanevent manager applet Conf_Changewnzhyfehxanevent syslog pattern "%PARSER-5-CFGLOG_LOGGEDCMD"wnzhyfehxanaction 1.0 cli command "enable"wnzhyfehxanaction 2.0 cli command "show clock | append flash:Conf.txt"wnzhyfehxanaction 3.0 syslog msg "configuration has been changed"wnzhyfehxanwnzhyfehxanwnzhyfehxanwnzhyfehxanwnzhyfehxanwnzhyfehxanwnzhyfehxanwnzhyfehxanwnzhyfehxan
2012年1月4日水曜日
MQC
【Config】
R1(config)#do show run
Building configuration...
Current configuration : 1392 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R1
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
ip cef
!
!
!
!
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
class-map match-all voip
match access-group 10
!
!
policy-map voip
class voip
set dscp ef
!
!
!
!
!
!
interface Loopback0
ip address 10.10.10.10 255.0.0.0
!
interface FastEthernet0/0
no ip address
shutdown
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface FastEthernet1/0
speed 100
!
interface FastEthernet1/1
!
interface FastEthernet1/2
!
interface FastEthernet1/3
!
interface FastEthernet1/4
!
interface FastEthernet1/5
!
interface FastEthernet1/6
!
interface FastEthernet1/7
!
interface FastEthernet1/8
!
interface FastEthernet1/9
!
interface FastEthernet1/10
!
interface FastEthernet1/11
!
interface FastEthernet1/12
!
interface FastEthernet1/13
!
interface FastEthernet1/14
!
interface FastEthernet1/15
!
interface Vlan1
ip address 1.1.1.1 255.0.0.0
service-policy input voip
!
ip forward-protocol nd
!
!
ip http server
no ip http secure-server
!
access-list 10 permit 1.1.1.0 0.0.0.255
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
login
!
!
end
R1(config)#
R2(config)#do show run
Building configuration...
Current configuration : 696 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R2
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
ip cef
!
!
!
!
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface FastEthernet0/0
ip address 1.1.1.2 255.0.0.0
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 1.1.1.1
!
!
ip http server
no ip http secure-server
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
login
!
!
end
R2(config)#
【検証】
R2#ping 10.10.10.10 re 1000
Type escape sequence to abort.
Sending 1000, 100-byte ICMP Echos to 10.10.10.10, timeout is 2 seconds:
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!
Success rate is 100 percent (1000/1000), round-trip min/avg/max = 4/20/60 ms
R1#show policy-map interface
Vlan1
Service-policy input: voip
Class-map: voip (match-all)
1000 packets, 114000 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: access-group 10
QoS Set
dscp ef
Packets marked 1000
Class-map: class-default (match-any)
0 packets, 0 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: any
R1(config)#do show run
Building configuration...
Current configuration : 1392 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R1
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
ip cef
!
!
!
!
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
class-map match-all voip
match access-group 10
!
!
policy-map voip
class voip
set dscp ef
!
!
!
!
!
!
interface Loopback0
ip address 10.10.10.10 255.0.0.0
!
interface FastEthernet0/0
no ip address
shutdown
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface FastEthernet1/0
speed 100
!
interface FastEthernet1/1
!
interface FastEthernet1/2
!
interface FastEthernet1/3
!
interface FastEthernet1/4
!
interface FastEthernet1/5
!
interface FastEthernet1/6
!
interface FastEthernet1/7
!
interface FastEthernet1/8
!
interface FastEthernet1/9
!
interface FastEthernet1/10
!
interface FastEthernet1/11
!
interface FastEthernet1/12
!
interface FastEthernet1/13
!
interface FastEthernet1/14
!
interface FastEthernet1/15
!
interface Vlan1
ip address 1.1.1.1 255.0.0.0
service-policy input voip
!
ip forward-protocol nd
!
!
ip http server
no ip http secure-server
!
access-list 10 permit 1.1.1.0 0.0.0.255
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
login
!
!
end
R1(config)#
R2(config)#do show run
Building configuration...
Current configuration : 696 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R2
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
ip cef
!
!
!
!
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface FastEthernet0/0
ip address 1.1.1.2 255.0.0.0
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 1.1.1.1
!
!
ip http server
no ip http secure-server
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
login
!
!
end
R2(config)#
【検証】
R2#ping 10.10.10.10 re 1000
Type escape sequence to abort.
Sending 1000, 100-byte ICMP Echos to 10.10.10.10, timeout is 2 seconds:
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!
Success rate is 100 percent (1000/1000), round-trip min/avg/max = 4/20/60 ms
R1#show policy-map interface
Vlan1
Service-policy input: voip
Class-map: voip (match-all)
1000 packets, 114000 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: access-group 10
QoS Set
dscp ef
Packets marked 1000
Class-map: class-default (match-any)
0 packets, 0 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: any
登録:
投稿 (Atom)