Sunday, November 18, 2012

ewqfr


!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R1
!
boot-start-marker
boot-end-marker
!
no aaa new-model
memory-size iomem 5
!
ip cef
no ip domain lookup
!
ipv6 unicast-routing
multilink bundle-name authenticated
mpls label protocol tdp
mpls ldp advertise-labels for 14
!
archive
 log config
  hidekeys
!
!
interface Loopback0
 ip address 10.1.1.1 255.255.255.255
!
interface FastEthernet0/0
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface Ethernet1/0
 ip address 172.14.8.5 255.255.255.252
 ip ospf message-digest-key 1 md5 cisco
 full-duplex
 ipv6 address 2002:15::1/64
 ipv6 enable
 ipv6 ospf 1 area 0
 mpls ip
!
interface Ethernet1/1
 ip address 172.14.8.9 255.255.255.252
 ip ospf message-digest-key 1 md5 cisco
 full-duplex
 ipv6 address 2002:14::1/64
 ipv6 enable
 ipv6 ospf 1 area 0
 mpls ip
!
interface Ethernet1/2
 ip address 172.14.8.13 255.255.255.252
 ip ospf message-digest-key 1 md5 cisco
 full-duplex
 mpls ip
!
interface Ethernet1/3
 ip address 172.14.8.17 255.255.255.252
 rate-limit input access-group 100 8000 1500 2000 conform-action transmit exceed-action drop
 ip ospf message-digest-key 1 md5 cisco
 full-duplex
 mpls ip
!
router ospf 1
 router-id 10.1.1.1
 log-adjacency-changes
 area 0 authentication message-digest
 network 10.1.1.1 0.0.0.0 area 0
 network 172.14.8.5 0.0.0.0 area 0
 network 172.14.8.9 0.0.0.0 area 0
 network 172.14.8.13 0.0.0.0 area 0
 network 172.14.8.17 0.0.0.0 area 0
!
router bgp 3
 bgp cluster-id 12
 bgp log-neighbor-changes
 neighbor 10.1.1.3 remote-as 3
 neighbor 10.1.1.3 update-source Loopback0
 neighbor 10.1.1.4 remote-as 3
 neighbor 10.1.1.4 update-source Loopback0
 neighbor 10.1.1.5 remote-as 3
 neighbor 10.1.1.5 update-source Loopback0
 neighbor 10.1.1.6 remote-as 3
 neighbor 10.1.1.6 update-source Loopback0
 !
 address-family ipv4
  neighbor 10.1.1.3 activate
  neighbor 10.1.1.3 send-community
  neighbor 10.1.1.3 route-reflector-client
  neighbor 10.1.1.4 activate
  neighbor 10.1.1.4 send-community
  neighbor 10.1.1.4 route-reflector-client
  neighbor 10.1.1.5 activate
  neighbor 10.1.1.5 send-community
  neighbor 10.1.1.5 route-reflector-client
  neighbor 10.1.1.6 activate
  neighbor 10.1.1.6 send-community
  neighbor 10.1.1.6 route-reflector-client
  auto-summary
  synchronization
  network 10.1.1.1 mask 255.255.255.255
 exit-address-family
 !
 address-family vpnv4
  neighbor 10.1.1.3 activate
  neighbor 10.1.1.3 send-community both
  neighbor 10.1.1.3 route-reflector-client
  neighbor 10.1.1.4 activate
  neighbor 10.1.1.4 send-community both
  neighbor 10.1.1.4 route-reflector-client
  neighbor 10.1.1.5 activate
  neighbor 10.1.1.5 send-community both
  neighbor 10.1.1.5 route-reflector-client
  neighbor 10.1.1.6 activate
  neighbor 10.1.1.6 send-community both
  neighbor 10.1.1.6 route-reflector-client
 exit-address-family
!
no ip http server
no ip http secure-server
ip forward-protocol nd
!
access-list 1 permit 10.1.1.1 0.0.0.6
access-list 1 deny   any
access-list 14 permit 10.1.1.3
access-list 14 permit 10.1.1.6
access-list 14 permit 10.1.1.4
access-list 14 permit 10.1.1.5
access-list 100 permit icmp host 10.1.1.5 any
access-list 100 permit icmp host 172.14.8.18 any
access-list 100 permit icmp host 172.14.8.22 any
ipv6 router ospf 1
 router-id 10.1.1.1
 log-adjacency-changes
!
mpls ldp router-id Loopback0
!
control-plane
!
line con 0
 exec-timeout 0 0
 logging synchronous
line aux 0
line vty 0 4
 exec-timeout 0 0
 password cisco
 logging synchronous
 login
!
end
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R10
!
boot-start-marker
boot-end-marker
!
no aaa new-model
memory-size iomem 5
!
ip cef
no ip domain lookup
!
multilink bundle-name authenticated
!
archive
 log config
  hidekeys
!
!
class-map match-all TELNET
 match access-group 100
!
policy-map TELNET
 class TELNET
    police 10000 3000 2500 conform-action drop  exceed-action drop  violate-action drop
!
interface Loopback0
 ip address 10.1.1.10 255.255.255.255
!
interface FastEthernet0/0
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface Ethernet1/0
 ip address 10.10.10.34 255.255.255.252
 full-duplex
!
interface Ethernet1/1
 ip address 10.10.10.18 255.255.255.252
 ip access-group 100 in
 full-duplex
!
interface Ethernet1/2
 no ip address
 shutdown
 full-duplex
!
interface Ethernet1/3
 ip address 10.10.10.41 255.255.255.252
 full-duplex
!
router ospf 10
 log-adjacency-changes
 network 10.1.1.10 0.0.0.0 area 0
 network 10.10.10.18 0.0.0.0 area 0
 network 10.10.10.34 0.0.0.0 area 0
 network 10.10.10.41 0.0.0.0 area 0
!
no ip http server
no ip http secure-server
ip forward-protocol nd
!
access-list 100 permit tcp any any eq telnet
access-list 100 permit icmp any any
access-list 100 permit ospf any any
!
control-plane
!
line con 0
 exec-timeout 0 0
 logging synchronous
line aux 0
line vty 0 4
 exec-timeout 0 0
 password cisco
 logging synchronous
 login
!
end
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R11
!
boot-start-marker
boot-end-marker
!
no aaa new-model
memory-size iomem 5
!
ip cef
no ip domain lookup
!
multilink bundle-name authenticated
!
archive
 log config
  hidekeys
!
!
interface Loopback0
 ip address 10.1.1.11 255.255.255.255
!
interface FastEthernet0/0
 ip address 10.10.10.30 255.255.255.252
 duplex auto
 speed auto
!
interface FastEthernet0/1
 ip address 10.10.10.45 255.255.255.252
 duplex auto
 speed auto
!
router ospf 10
 log-adjacency-changes
 network 10.1.1.11 0.0.0.0 area 0
 network 10.10.10.30 0.0.0.0 area 0
 network 10.10.10.45 0.0.0.0 area 0
!
no ip http server
no ip http secure-server
ip forward-protocol nd
!
control-plane
!
line con 0
 exec-timeout 0 0
 logging synchronous
line aux 0
line vty 0 4
 exec-timeout 0 0
 password cisco
 logging synchronous
 login
!
end
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R12
!
boot-start-marker
boot-end-marker
!
no aaa new-model
memory-size iomem 5
!
ip cef
no ip domain lookup
!
multilink bundle-name authenticated
!
archive
 log config
  hidekeys
!
!
interface Loopback0
 ip address 10.1.1.12 255.255.255.255
!
interface FastEthernet0/0
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface Ethernet1/0
 no ip address
 shutdown
 full-duplex
!
interface Ethernet1/1
 no ip address
 shutdown
 full-duplex
!
interface Ethernet1/2
 no ip address
 shutdown
 full-duplex
!
interface Ethernet1/3
 ip address 10.10.10.38 255.255.255.252
 full-duplex
!
router ospf 10
 log-adjacency-changes
 network 10.1.1.12 0.0.0.0 area 0
 network 10.10.10.38 0.0.0.0 area 0
!
no ip http server
no ip http secure-server
ip forward-protocol nd
!
control-plane
!
line con 0
 exec-timeout 0 0
 logging synchronous
line aux 0
line vty 0 4
 exec-timeout 0 0
 password cisco
 logging synchronous
 login
!
end
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R13
!
boot-start-marker
boot-end-marker
!
no aaa new-model
memory-size iomem 5
!
ip cef
no ip domain lookup
!
multilink bundle-name authenticated
!
archive
 log config
  hidekeys
!
!
class-map match-all mark
 match access-group 100
!
policy-map mark
 class mark
  set precedence 1
!
interface Loopback0
 ip address 10.1.1.13 255.255.255.255
!
interface FastEthernet0/0
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface FastEthernet0/1
 ip address 10.10.10.46 255.255.255.252
 duplex auto
 speed auto
 service-policy output mark
!
router ospf 10
 log-adjacency-changes
 network 10.1.1.13 0.0.0.0 area 0
 network 10.10.10.46 0.0.0.0 area 0
!
no ip http server
no ip http secure-server
ip forward-protocol nd
!
access-list 100 permit ip host 10.1.1.13 host 10.1.1.7
!
control-plane
!
line con 0
 exec-timeout 0 0
 logging synchronous
line aux 0
line vty 0 4
 exec-timeout 0 0
 password cisco
 logging synchronous
 login
!
end
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R14
!
boot-start-marker
boot-end-marker
!
no aaa new-model
memory-size iomem 5
!
ip cef
no ip domain lookup
!
multilink bundle-name authenticated
!
archive
 log config
  hidekeys
!
!
class-map match-all mark
 match access-group 100
!
policy-map mark
 class mark
  set precedence 1
!
interface Loopback0
 ip address 10.1.1.14 255.255.255.255
!
interface FastEthernet0/0
 ip address 10.10.10.42 255.255.255.252
 duplex auto
 speed auto
 service-policy output mark
!
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
router ospf 10
 log-adjacency-changes
 network 10.1.1.14 0.0.0.0 area 0
 network 10.10.10.42 0.0.0.0 area 0
!
no ip http server
no ip http secure-server
ip forward-protocol nd
!
access-list 100 permit ip host 10.1.1.14 host 10.1.1.7
!
control-plane
!
line con 0
 exec-timeout 0 0
 logging synchronous
line aux 0
line vty 0 4
 exec-timeout 0 0
 password cisco
 logging synchronous
 login
!
end
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R15
!
boot-start-marker
boot-end-marker
!
no aaa new-model
memory-size iomem 5
!
ip cef
no ip domain lookup
!
multilink bundle-name authenticated
!
username R15 password 0 cisco
archive
 log config
  hidekeys
!
!
class-map match-all mark
 match access-group 100
!
policy-map mark
 class mark
  set precedence 1
!
interface Loopback0
 ip address 10.1.1.15 255.255.255.255
!
interface Loopback10
 ip address 17.1.1.1 255.255.255.255
!
interface FastEthernet0/0
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface Serial1/0
 ip address 172.14.12.1 255.255.255.252
 encapsulation ppp
 serial restart-delay 0
 clock rate 64000
 ppp authentication chap
 ppp chap hostname R16
 ppp chap password 0 cisco
!
interface Serial1/1
 ip address 1.1.10.2 255.255.255.252
 serial restart-delay 0
 clock rate 64000
!
interface Serial1/2
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial1/3
 no ip address
 shutdown
 serial restart-delay 0
!
router eigrp 200
 network 1.1.10.0 0.0.0.3
 network 10.1.1.15 0.0.0.0
 network 171.1.1.1 0.0.0.0
 network 172.14.12.0 0.0.0.3
 no auto-summary
!
no ip http server
no ip http secure-server
ip forward-protocol nd
!
control-plane
!
line con 0
 exec-timeout 0 0
 logging synchronous
line aux 0
line vty 0 4
 exec-timeout 0 0
 password cisco
 logging synchronous
 login
!
end
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R16
!
boot-start-marker
boot-end-marker
!
no aaa new-model
memory-size iomem 5
!
ip cef
no ip domain lookup
!
multilink bundle-name authenticated
!
key chain eigrp
 key 1
   key-string cisco
!
username R16 password 0 cisco
archive
 log config
  hidekeys
!
!
interface Loopback0
 ip address 10.1.1.16 255.255.255.255
!
interface FastEthernet0/0
 ip address 172.14.12.9 255.255.255.248
 ip authentication mode eigrp 200 md5
 ip authentication key-chain eigrp 200 eigrp
 duplex auto
 speed auto
!
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface Serial1/0
 ip address 172.14.12.2 255.255.255.252
 encapsulation ppp
 serial restart-delay 0
 ppp authentication chap
 ppp chap hostname R15
 ppp chap password 0 cisco
!
interface Serial1/1
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial1/2
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial1/3
 no ip address
 shutdown
 serial restart-delay 0
!
router eigrp 200
 network 1.1.16.0 0.0.0.3
 network 10.1.1.16 0.0.0.0
 network 172.14.12.0 0.0.0.3
 network 172.14.12.8 0.0.0.7
 no auto-summary
!
no ip http server
no ip http secure-server
ip forward-protocol nd
!
control-plane
!
line con 0
 exec-timeout 0 0
 logging synchronous
line aux 0
line vty 0 4
 exec-timeout 0 0
 password cisco
 logging synchronous
 login
!
end
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R17
!
boot-start-marker
boot-end-marker
!
no aaa new-model
memory-size iomem 5
!
ip cef
no ip domain lookup
!
multilink bundle-name authenticated
!
key chain eigrp
 key 1
   key-string cisco
!
archive
 log config
  hidekeys
!
!
interface Loopback0
 ip address 10.1.1.17 255.255.255.255
!
interface FastEthernet0/0
 ip address 172.14.12.10 255.255.255.248
 ip authentication mode eigrp 200 md5
 ip authentication key-chain eigrp 200 eigrp
 duplex auto
 speed auto
!
interface FastEthernet0/1
 ip address 172.14.12.17 255.255.255.248
 ip authentication mode eigrp 200 md5
 ip authentication key-chain eigrp 200 eigrp
 duplex auto
 speed auto
!
router eigrp 200
 network 10.1.1.16 0.0.0.3
 network 172.14.12.8 0.0.0.7
 network 172.14.12.16 0.0.0.7
 no auto-summary
!
no ip http server
no ip http secure-server
ip forward-protocol nd
!
control-plane
!
line con 0
 exec-timeout 0 0
 logging synchronous
line aux 0
line vty 0 4
 exec-timeout 0 0
 password cisco
 logging synchronous
 login
!
ntp authentication-key 1 md5 070C285F4D06 7
ntp authenticate
ntp trusted-key 1
ntp clock-period 17179830
ntp server 10.1.1.16 key 1
!
end
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R18
!
boot-start-marker
boot-end-marker
!
no aaa new-model
memory-size iomem 5
!
ip cef
no ip domain lookup
!
multilink bundle-name authenticated
!
key chain eigrp
 key 1
   key-string cisco
!
archive
 log config
  hidekeys
!
!
interface Loopback0
 ip address 10.1.1.18 255.255.255.255
!
interface FastEthernet0/0
 ip address 172.14.12.11 255.255.255.248
 ip authentication mode eigrp 200 md5
 ip authentication key-chain eigrp 200 eigrp
 duplex auto
 speed auto
!
interface FastEthernet0/1
 ip address 172.14.12.18 255.255.255.248
 ip authentication mode eigrp 200 md5
 ip authentication key-chain eigrp 200 eigrp
 duplex auto
 speed auto
!
router eigrp 200
 network 10.1.1.16 0.0.0.3
 network 172.14.12.8 0.0.0.7
 network 172.14.12.16 0.0.0.7
 no auto-summary
!
no ip http server
no ip http secure-server
ip forward-protocol nd
!
control-plane
!
line con 0
 exec-timeout 0 0
 logging synchronous
line aux 0
line vty 0 4
 exec-timeout 0 0
 password cisco
 logging synchronous
 login
!
ntp authentication-key 1 md5 030752180500 7
ntp authenticate
ntp trusted-key 1
ntp clock-period 17179830
ntp server 10.1.1.16 key 1
!
end
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R19
!
boot-start-marker
boot-end-marker
!
no aaa new-model
memory-size iomem 5
!
ip cef
no ip domain lookup
no ip dhcp use vrf connected
!
ip dhcp pool r17r18
   network 172.14.12.16 255.255.255.248
   domain-name cisco.com
   dns-server 172.14.12.19
   default-router 172.14.12.19
!
multilink bundle-name authenticated
!
key chain eigrp
 key 1
   key-string cisco
!
archive
 log config
  hidekeys
!
!
class-map match-all udp
 match access-group 101
class-map match-all tcp
 match access-group 102
!
policy-map copp
 class tcp
   police cir 8000
     conform-action transmit
     exceed-action drop
 class udp
   police cir 8000
     conform-action transmit
     exceed-action drop
!
interface Loopback0
 ip address 10.1.1.19 255.255.255.255
!
interface FastEthernet0/0
 ip address 172.14.12.19 255.255.255.248
 ip authentication mode eigrp 200 md5
 ip authentication key-chain eigrp 200 eigrp
 duplex auto
 speed auto
 service-policy output copp
!
interface FastEthernet0/1
 ip address 192.168.14.1 255.255.255.252
 duplex auto
 speed auto
!
router eigrp 200
 network 10.1.1.19 0.0.0.0
 network 172.14.12.16 0.0.0.7
 network 192.168.14.0 0.0.0.3
 no auto-summary
!
no ip http server
no ip http secure-server
ip forward-protocol nd
!
access-list 101 permit udp any any
access-list 102 permit tcp any any
!
control-plane
 service-policy output copp
!
line con 0
 exec-timeout 0 0
 logging synchronous
line aux 0
line vty 0 4
 exec-timeout 0 0
 password cisco
 logging synchronous
 login
!
end
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R2
!
boot-start-marker
boot-end-marker
!
no aaa new-model
memory-size iomem 5
!
ip cef
no ip domain lookup
!
ipv6 unicast-routing
multilink bundle-name authenticated
mpls label protocol ldp
!
archive
 log config
  hidekeys
!
!
interface Loopback0
 ip address 10.1.1.2 255.255.255.255
!
interface FastEthernet0/0
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface Ethernet1/0
 ip address 172.14.8.21 255.255.255.252
 ip ospf message-digest-key 1 md5 cisco
 full-duplex
 mpls ip
!
interface Ethernet1/1
 ip address 172.14.8.25 255.255.255.252
 ip ospf message-digest-key 1 md5 cisco
 full-duplex
 mpls ip
!
interface Ethernet1/2
 ip address 172.14.8.29 255.255.255.252
 ip ospf message-digest-key 1 md5 cisco
 full-duplex
 ipv6 address 2001:100::2/64
 ipv6 enable
 ipv6 ospf 1 area 0
 mpls ip
!
interface Ethernet1/3
 ip address 172.14.8.33 255.255.255.252
 ip ospf message-digest-key 1 md5 cisco
 full-duplex
 ipv6 address 2001:200::2/64
 ipv6 enable
 ipv6 ospf 1 area 0
 mpls ip
!
router ospf 1
 router-id 10.1.1.2
 log-adjacency-changes
 area 0 authentication message-digest
 network 10.1.1.2 0.0.0.0 area 0
 network 172.14.8.21 0.0.0.0 area 0
 network 172.14.8.25 0.0.0.0 area 0
 network 172.14.8.29 0.0.0.0 area 0
 network 172.14.8.33 0.0.0.0 area 0
!
router bgp 3
 bgp cluster-id 12
 bgp log-neighbor-changes
 neighbor 10.1.1.3 remote-as 3
 neighbor 10.1.1.3 update-source Loopback0
 neighbor 10.1.1.4 remote-as 3
 neighbor 10.1.1.4 update-source Loopback0
 neighbor 10.1.1.5 remote-as 3
 neighbor 10.1.1.5 update-source Loopback0
 neighbor 10.1.1.6 remote-as 3
 neighbor 10.1.1.6 update-source Loopback0
 !
 address-family ipv4
  neighbor 10.1.1.3 activate
  neighbor 10.1.1.3 send-community
  neighbor 10.1.1.3 route-reflector-client
  neighbor 10.1.1.4 activate
  neighbor 10.1.1.4 send-community
  neighbor 10.1.1.4 route-reflector-client
  neighbor 10.1.1.5 activate
  neighbor 10.1.1.5 send-community
  neighbor 10.1.1.5 route-reflector-client
  neighbor 10.1.1.6 activate
  neighbor 10.1.1.6 send-community
  neighbor 10.1.1.6 route-reflector-client
  no auto-summary
  no synchronization
  network 10.1.1.2 mask 255.255.255.255
 exit-address-family
 !
 address-family vpnv4
  neighbor 10.1.1.3 activate
  neighbor 10.1.1.3 send-community both
  neighbor 10.1.1.3 route-reflector-client
  neighbor 10.1.1.4 activate
  neighbor 10.1.1.4 send-community both
  neighbor 10.1.1.4 route-reflector-client
  neighbor 10.1.1.5 activate
  neighbor 10.1.1.5 send-community both
  neighbor 10.1.1.5 route-reflector-client
  neighbor 10.1.1.6 activate
  neighbor 10.1.1.6 send-community both
  neighbor 10.1.1.6 route-reflector-client
 exit-address-family
!
no ip http server
no ip http secure-server
ip forward-protocol nd
!
ip access-list extended ALLOW
 permit esp host 172.14.8.34 host 172.14.8.23
 permit udp host 172.14.8.34 host 172.14.8.33 eq ntp
 permit udp host 172.14.8.34 host 10.1.1.2 eq ntp
 permit udp host 172.14.8.34 host 10.1.1.2 eq tftp
 permit ospf any any
 permit tcp any host 10.1.1.2 eq bgp
 permit tcp host 10.1.1.2 any eq bgp
 permit eigrp any any
 permit icmp any any
 permit tcp any any eq 646
 permit tcp any eq 646 any
ipv6 router ospf 1
 router-id 10.1.1.2
 log-adjacency-changes
!
mpls ldp router-id Loopback0
!
control-plane
!
line con 0
 exec-timeout 0 0
 logging synchronous
line aux 0
line vty 0 4
 exec-timeout 0 0
 password cisco
 logging synchronous
 login
!
end
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R20
!
boot-start-marker
boot-end-marker
!
no aaa new-model
memory-size iomem 5
!
ip cef
no ip domain lookup
!
multilink bundle-name authenticated
!
archive
 log config
  hidekeys
!
!
interface Loopback0
 ip address 10.1.1.20 255.255.255.255
!
interface Loopback1
 ip address 171.2.2.2 255.255.255.255
!
interface Loopback10
 ip address 200.20.20.20 255.255.255.255
!
interface FastEthernet0/0
 ip address 172.14.9.1 255.255.255.252
 duplex auto
 speed auto
!
interface FastEthernet0/1
 ip address 172.29.7.5 255.255.255.252
 duplex auto
 speed auto
!
interface Serial1/0
 ip address 172.29.7.2 255.255.255.252
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 cisco
 serial restart-delay 0
!
interface Serial1/1
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial1/2
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial1/3
 no ip address
 shutdown
 serial restart-delay 0
!
router ospf 100
 router-id 20.20.20.20
 log-adjacency-changes
 area 101 virtual-link 4.4.4.4
 network 10.1.1.20 0.0.0.0 area 0
 network 171.2.2.2 0.0.0.0 area 0
 network 172.14.9.1 0.0.0.0 area 0
 network 172.29.7.2 0.0.0.0 area 101
 network 172.29.7.5 0.0.0.0 area 0
 network 200.20.20.20 0.0.0.0 area 0
!
no ip http server
no ip http secure-server
ip forward-protocol nd
!
access-list 1 deny   198.168.0.0 0.0.255.255
access-list 1 permit any
!
control-plane
!
line con 0
 exec-timeout 0 0
 logging synchronous
line aux 0
line vty 0 4
 exec-timeout 0 0
 password cisco
 logging synchronous
 login
!
end
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R21
!
boot-start-marker
boot-end-marker
!
no aaa new-model
memory-size iomem 5
!
ip cef
no ip domain lookup
!
multilink bundle-name authenticated
!
archive
 log config
  hidekeys
!
!
interface Loopback0
 ip address 10.1.1.21 255.255.255.255
!
interface FastEthernet0/0
 ip address 172.14.9.2 255.255.255.252
 duplex auto
 speed auto
!
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface Serial1/0
 ip address 172.14.11.1 255.255.255.248
 encapsulation frame-relay
 ip ospf message-digest-key 1 md5 cisco
 ip ospf network point-to-multipoint
 serial restart-delay 0
 no arp frame-relay
 frame-relay map ip 172.14.11.3 315 broadcast
 frame-relay map ip 172.14.11.2 314 broadcast
 no frame-relay inverse-arp
 frame-relay lmi-type ansi
!
interface Serial1/1
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial1/2
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial1/3
 no ip address
 shutdown
 serial restart-delay 0
!
router ospf 100
 log-adjacency-changes
 area 1 authentication message-digest
 area 1 nssa
 network 10.1.1.21 0.0.0.0 area 0
 network 172.14.9.2 0.0.0.0 area 0
 network 172.14.11.1 0.0.0.0 area 1
!
no ip http server
no ip http secure-server
ip forward-protocol nd
!
control-plane
!
line con 0
 exec-timeout 0 0
 logging synchronous
line aux 0
line vty 0 4
 exec-timeout 0 0
 password cisco
 logging synchronous
 login
!
end
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R22
!
boot-start-marker
boot-end-marker
!
no aaa new-model
memory-size iomem 5
!
ip cef
no ip domain lookup
!
multilink bundle-name authenticated
!
archive
 log config
  hidekeys
!
!
interface Loopback0
 ip address 10.1.1.22 255.255.255.255
!
interface FastEthernet0/0
 ip address 172.16.12.22 255.255.255.252
 duplex auto
 speed auto
!
interface FastEthernet0/1
 ip address 172.29.7.6 255.255.255.252
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto
!
interface Serial1/0
 ip address 172.14.9.1 255.255.255.252
 ip nat inside
 ip virtual-reassembly
 encapsulation frame-relay
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 cisco
 serial restart-delay 0
 frame-relay map ip 172.14.9.2 22
 no frame-relay inverse-arp
 frame-relay lmi-type ansi
!
interface Serial1/1
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial1/2
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial1/3
 no ip address
 shutdown
 serial restart-delay 0
!
router ospf 100
 log-adjacency-changes
 network 10.1.1.22 0.0.0.0 area 0
 network 172.14.9.1 0.0.0.0 area 2
 network 172.16.12.22 0.0.0.0 area 2
 network 172.29.7.6 0.0.0.0 area 0
 neighbor 172.14.9.2
!
no ip http server
no ip http secure-server
ip forward-protocol nd
!
ip nat inside source route-map Pat_HTTP interface Loopback0 overload
ip nat inside source route-map Pat_ICMP interface Loopback0 overload
ip nat inside source route-map Pat_Telnet interface Loopback0 overload
!
access-list 100 permit tcp 10.1.0.0 0.0.255.255 any eq telnet
access-list 100 permit tcp 172.14.9.0 0.0.0.255 any eq telnet
access-list 101 permit tcp 10.1.0.0 0.0.255.255 any eq www
access-list 101 permit tcp 172.14.9.0 0.0.0.255 any eq www
access-list 102 permit icmp 10.1.0.0 0.0.255.255 any
access-list 102 permit icmp 172.14.9.0 0.0.0.255 any
!
route-map Pat_HTTP permit 10
 match ip address 101
!
route-map Pat_ICMP permit 10
 match ip address 102
!
route-map Pat_Telnet permit 10
 match ip address 100
!
control-plane
!
line con 0
 exec-timeout 0 0
 logging synchronous
line aux 0
line vty 0
 exec-timeout 0 0
 password cisco
 logging synchronous
 login
line vty 1 4
 login
!
end
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R23
!
boot-start-marker
boot-end-marker
!
no aaa new-model
memory-size iomem 5
!
ip cef
no ip domain lookup
!
multilink bundle-name authenticated
!
archive
 log config
  hidekeys
!
!
interface Loopback0
 ip address 10.1.1.23 255.255.255.255
!
interface FastEthernet0/0
 ip address 172.14.9.6 255.255.255.252
 duplex auto
 speed auto
!
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface Serial1/0
 ip address 172.14.9.2 255.255.255.252
 encapsulation frame-relay
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 cisco
 serial restart-delay 0
 frame-relay map ip 172.14.9.1 23
 no frame-relay inverse-arp
 frame-relay lmi-type ansi
!
interface Serial1/1
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial1/2
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial1/3
 no ip address
 shutdown
 serial restart-delay 0
!
router ospf 100
 log-adjacency-changes
 network 10.1.1.23 0.0.0.0 area 2
 network 172.14.9.2 0.0.0.0 area 2
 network 172.14.9.6 0.0.0.0 area 2
 neighbor 172.14.9.1
!
no ip http server
no ip http secure-server
ip forward-protocol nd
!
control-plane
!
line con 0
 exec-timeout 0 0
 logging synchronous
line aux 0
line vty 0 4
 exec-timeout 0 0
 password cisco
 logging synchronous
 login
!
end
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R24
!
boot-start-marker
boot-end-marker
!
no aaa new-model
memory-size iomem 5
!
ip cef
no ip domain lookup
!
multilink bundle-name authenticated
!
archive
 log config
  hidekeys
!
!
interface Loopback0
 ip address 10.1.1.24 255.255.255.255
!
interface FastEthernet0/0
 ip address 172.14.11.9 255.255.255.248
 ip ospf message-digest-key 1 md5 cisco
 ip policy route-map PBR
 duplex auto
 speed auto
!
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface Serial1/0
 ip address 172.14.11.2 255.255.255.248
 encapsulation frame-relay
 ip ospf message-digest-key 1 md5 cisco
 ip ospf network point-to-multipoint
 serial restart-delay 0
 no arp frame-relay
 frame-relay map ip 172.14.11.1 341 broadcast
 frame-relay map ip 172.14.11.3 345 broadcast
 no frame-relay inverse-arp
 frame-relay lmi-type ansi
!
interface Serial1/1
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial1/2
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial1/3
 no ip address
 shutdown
 serial restart-delay 0
!
router ospf 100
 log-adjacency-changes
 area 1 authentication message-digest
 area 1 nssa
 network 10.1.1.24 0.0.0.0 area 1
 network 172.14.11.2 0.0.0.0 area 1
 network 172.14.11.9 0.0.0.0 area 1
!
no ip http server
no ip http secure-server
ip forward-protocol nd
!
ip access-list extended PBR
 permit ip host 10.1.1.26 host 200.20.20.20
 permit ip host 200.20.20.20 host 10.1.1.26
 deny   ip host 200.20.20.20 any
 permit ip any any
!
route-map PBR permit 10
 match ip address PBR
!
control-plane
!
line con 0
 exec-timeout 0 0
 logging synchronous
line aux 0
line vty 0 4
 exec-timeout 0 0
 password cisco
 logging synchronous
 login
!
end
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R25
!
boot-start-marker
boot-end-marker
!
no aaa new-model
memory-size iomem 5
!
ip cef
no ip domain lookup
!
multilink bundle-name authenticated
!
archive
 log config
  hidekeys
!
!
interface Loopback0
 ip address 10.1.1.25 255.255.255.255
!
interface FastEthernet0/0
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface Serial1/0
 ip address 172.14.11.3 255.255.255.248
 encapsulation frame-relay
 ip ospf message-digest-key 1 md5 cisco
 ip ospf network point-to-multipoint
 serial restart-delay 0
 no arp frame-relay
 frame-relay map ip 172.14.11.2 354 broadcast
 frame-relay map ip 172.14.11.1 351 broadcast
 no frame-relay inverse-arp
 frame-relay lmi-type ansi
!
interface Serial1/1
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial1/2
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial1/3
 no ip address
 shutdown
 serial restart-delay 0
!
router ospf 100
 log-adjacency-changes
 area 1 authentication message-digest
 area 1 nssa
 network 10.1.1.25 0.0.0.0 area 1
 network 172.14.11.3 0.0.0.0 area 1
!
no ip http server
no ip http secure-server
ip forward-protocol nd
!
control-plane
!
line con 0
 exec-timeout 0 0
 logging synchronous
line aux 0
line vty 0 4
 exec-timeout 0 0
 password cisco
 logging synchronous
 login
!
end
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R26
!
boot-start-marker
boot-end-marker
!
no aaa new-model
memory-size iomem 5
!
ip cef
no ip domain lookup
!
multilink bundle-name authenticated
!
archive
 log config
  hidekeys
!
!
interface Loopback0
 ip address 10.1.1.26 255.255.255.255
!
interface FastEthernet0/0
 ip address 172.14.11.10 255.255.255.248
 ip ospf message-digest-key 1 md5 cisco
 duplex auto
 speed auto
!
interface FastEthernet0/1
 ip address 198.168.20.1 255.255.255.0
 duplex auto
 speed auto
!
router ospf 100
 log-adjacency-changes
 area 1 authentication message-digest
 area 1 nssa
 redistribute rip subnets route-map conn
 network 10.1.1.26 0.0.0.0 area 1
 network 172.14.11.10 0.0.0.0 area 1
!
router rip
 version 2
 redistribute ospf 100 metric 1
 network 10.0.0.0
 network 198.168.20.0
 no auto-summary
!
no ip http server
no ip http secure-server
ip forward-protocol nd
!
ip prefix-list RIP seq 5 permit 198.168.20.0/24
ip prefix-list RIP seq 10 permit 10.1.1.28/32
!
route-map conn permit 10
 match ip address prefix-list RIP
!
control-plane
!
line con 0
 exec-timeout 0 0
 logging synchronous
line aux 0
line vty 0 4
 exec-timeout 0 0
 password cisco
 logging synchronous
 login
!
end
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R27
!
boot-start-marker
boot-end-marker
!
no aaa new-model
memory-size iomem 5
!
ip cef
no ip domain lookup
!
multilink bundle-name authenticated
!
archive
 log config
  hidekeys
!
!
interface Loopback0
 ip address 10.1.1.27 255.255.255.255
!
interface FastEthernet0/0
 ip address 172.14.11.11 255.255.255.248
 ip ospf message-digest-key 1 md5 cisco
 duplex auto
 speed auto
!
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
router ospf 100
 log-adjacency-changes
 area 1 authentication message-digest
 area 1 nssa
 network 10.1.1.27 0.0.0.0 area 1
 network 172.14.11.11 0.0.0.0 area 1
!
no ip http server
no ip http secure-server
ip forward-protocol nd
!
control-plane
!
line con 0
 exec-timeout 0 0
 logging synchronous
line aux 0
line vty 0 4
 exec-timeout 0 0
 password cisco
 logging synchronous
 login
!
end
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R28
!
boot-start-marker
boot-end-marker
!
no aaa new-model
memory-size iomem 5
!
ip cef
no ip domain lookup
!
multilink bundle-name authenticated
!
archive
 log config
  hidekeys
!
!
interface Loopback0
 ip address 10.1.1.28 255.255.255.255
!
interface Loopback100
 ip address 192.168.20.1 255.255.255.255
!
interface FastEthernet0/0
 ip address 172.16.12.21 255.255.255.252
 duplex auto
 speed auto
!
interface FastEthernet0/1
 ip address 198.168.20.2 255.255.255.0
 duplex auto
 speed auto
!
router ospf 100
 log-adjacency-changes
 network 10.1.1.28 0.0.0.0 area 2
 network 172.16.12.20 0.0.0.3 area 2
!
router rip
 version 2
 network 10.0.0.0
 network 192.168.20.0
 network 198.168.20.0
 no auto-summary
!
no ip http server
no ip http secure-server
ip forward-protocol nd
!
control-plane
!
line con 0
 exec-timeout 0 0
 logging synchronous
line aux 0
line vty 0 4
 exec-timeout 0 0
 password cisco
 logging synchronous
 login
!
end
!
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R3
!
boot-start-marker
boot-end-marker
!
no aaa new-model
memory-size iomem 5
!
ip cef
no ip domain lookup
!
ip vrf site-b
 rd 20:10
 route-target export 20:10
 route-target import 20:10
 route-target import 20:20
!
multilink bundle-name authenticated
mpls label protocol tdp
!
archive
 log config
  hidekeys
!
!
interface Loopback0
 ip address 10.1.1.3 255.255.255.255
!
interface FastEthernet0/0
 ip address 172.14.8.6 255.255.255.252
 ip ospf message-digest-key 1 md5 cisco
 duplex auto
 speed auto
 mpls ip
!
interface FastEthernet0/1
 ip address 172.14.8.34 255.255.255.252
 ip ospf message-digest-key 1 md5 cisco
 duplex auto
 speed auto
 mpls ip
!
interface Serial1/0
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial1/1
 ip vrf forwarding site-b
 ip address 1.1.10.1 255.255.255.252
 serial restart-delay 0
!
interface Serial1/2
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial1/3
 no ip address
 shutdown
 serial restart-delay 0
!
router eigrp 1
 no auto-summary
 !
 address-family ipv4 vrf site-b
  redistribute bgp 3 metric 100000 100 255 1 1500
  network 1.1.10.0 0.0.0.3
  no auto-summary
  autonomous-system 200
 exit-address-family
!
router ospf 1
 router-id 10.1.1.3
 log-adjacency-changes
 area 0 authentication message-digest
 network 10.1.1.3 0.0.0.0 area 0
 network 172.14.8.6 0.0.0.0 area 0
 network 172.14.8.34 0.0.0.0 area 0
!
router bgp 3
 bgp log-neighbor-changes
 neighbor 10.1.1.1 remote-as 3
 neighbor 10.1.1.1 update-source Loopback0
 neighbor 10.1.1.2 remote-as 3
 neighbor 10.1.1.2 update-source Loopback0
 !
 address-family ipv4
  neighbor 10.1.1.1 activate
  neighbor 10.1.1.1 send-community
  neighbor 10.1.1.2 activate
  neighbor 10.1.1.2 send-community
  no auto-summary
  no synchronization
  network 10.1.1.3 mask 255.255.255.255
 exit-address-family
 !
 address-family vpnv4
  neighbor 10.1.1.1 activate
  neighbor 10.1.1.1 send-community both
  neighbor 10.1.1.2 activate
  neighbor 10.1.1.2 send-community both
 exit-address-family
 !
 address-family ipv4 vrf site-b
  redistribute eigrp 200 metric 1
  no synchronization
 exit-address-family
!
no ip http server
no ip http secure-server
ip forward-protocol nd
!
mpls ldp router-id Loopback0
!
control-plane
!
line con 0
 exec-timeout 0 0
 logging synchronous
line aux 0
line vty 0 4
 exec-timeout 0 0
 password cisco
 logging synchronous
 login
!
end
!
!

!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router30
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
!
!
ip cef
!
!
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
archive
 log config
  hidekeys
!
!
!
!
!
!
!
!
interface FastEthernet0/0
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
no ip http server
no ip http secure-server
ip forward-protocol nd
!
!
!
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
 login
!
!
end


!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R4
!
boot-start-marker
boot-end-marker
!
no aaa new-model
memory-size iomem 5
!
ip cef
no ip domain lookup
!
ip vrf site-a
 rd 10:20
 route-target export 10:20
 route-target import 10:20
 route-target import 10:10
!
ipv6 unicast-routing
multilink bundle-name authenticated
mpls label protocol tdp
!
archive
 log config
  hidekeys
!
!
interface Loopback0
 ip address 10.1.1.4 255.255.255.255
!
interface Loopback1
 ip address 172.1.1.4 255.255.255.255
!
interface Loopback100
 no ip address
 ipv6 address CC1E:100::100/64
 ipv6 ospf 1 area 1
!
interface FastEthernet0/0
 ip address 172.14.8.10 255.255.255.252
 ip ospf message-digest-key 1 md5 cisco
 duplex auto
 speed auto
 ipv6 address 2002:14::4/64
 ipv6 enable
 ipv6 ospf 1 area 0
 mpls ip
!
interface FastEthernet0/1
 ip address 172.14.8.30 255.255.255.252
 ip ospf message-digest-key 1 md5 cisco
 duplex auto
 speed auto
 ipv6 address 2001:100::4/64
 ipv6 enable
 ipv6 ospf 1 area 0
 mpls ip
!
interface Serial1/0
 ip vrf forwarding site-a
 ip address 172.29.7.1 255.255.255.252
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 cisco
 serial restart-delay 0
 clock rate 64000
 no fair-queue
!
interface Serial1/1
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial1/2
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial1/3
 no ip address
 shutdown
 serial restart-delay 0
!
router ospf 101 vrf site-a
 router-id 4.4.4.4
 log-adjacency-changes
 area 101 virtual-link 20.20.20.20
 redistribute bgp 3 metric 10 subnets
 network 172.29.7.1 0.0.0.0 area 101
!
router ospf 1
 router-id 10.1.1.4
 log-adjacency-changes
 area 0 authentication message-digest
 network 10.1.1.4 0.0.0.0 area 0
 network 172.14.8.10 0.0.0.0 area 0
 network 172.14.8.30 0.0.0.0 area 0
!
router bgp 3
 bgp log-neighbor-changes
 neighbor 10.1.1.1 remote-as 3
 neighbor 10.1.1.1 update-source Loopback0
 neighbor 10.1.1.2 remote-as 3
 neighbor 10.1.1.2 update-source Loopback0
 !
 address-family ipv4
  neighbor 10.1.1.1 activate
  neighbor 10.1.1.1 send-community
  neighbor 10.1.1.2 activate
  neighbor 10.1.1.2 send-community
  no auto-summary
  no synchronization
  network 10.1.1.4 mask 255.255.255.255
 exit-address-family
 !
 address-family vpnv4
  neighbor 10.1.1.1 activate
  neighbor 10.1.1.1 send-community extended
  neighbor 10.1.1.2 activate
  neighbor 10.1.1.2 send-community extended
 exit-address-family
 !
 address-family ipv4 vrf site-a
  redistribute ospf 101 vrf site-a match internal external 1 external 2
  no synchronization
 exit-address-family
!
no ip http server
no ip http secure-server
ip forward-protocol nd
!
ipv6 router ospf 1
 router-id 10.1.1.1
 log-adjacency-changes
!
mpls ldp router-id Loopback0
!
control-plane
!
line con 0
 exec-timeout 0 0
 logging synchronous
line aux 0
line vty 0 4
 exec-timeout 0 0
 password cisco
 logging synchronous
 login
!
end
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R5
!
boot-start-marker
boot-end-marker
!
no aaa new-model
memory-size iomem 5
!
ip cef
no ip domain lookup
!
ip vrf site-a
 rd 10:10
 route-target export 10:10
 route-target import 10:10
 route-target import 10:20
!
ipv6 unicast-routing
multilink bundle-name authenticated
mpls label protocol tdp
!
archive
 log config
  hidekeys
!
!
interface Loopback0
 ip address 10.1.1.5 255.255.255.255
!
interface FastEthernet0/0
 ip address 172.14.8.18 255.255.255.252
 ip ospf message-digest-key 1 md5 cisco
 duplex auto
 speed auto
 ipv6 address 2002:15::5/64
 ipv6 enable
 ipv6 ospf 1 area 0
 mpls ip
!
interface FastEthernet0/1
 ip address 172.14.8.22 255.255.255.252
 ip ospf message-digest-key 1 md5 cisco
 duplex auto
 speed auto
 ipv6 address 2001:200::5/64
 ipv6 ospf 1 area 0
 mpls ip
!
interface Ethernet1/0
 ip vrf forwarding site-a
 ip address 10.10.10.5 255.255.255.252
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 cisco
 full-duplex
 ipv6 address 2002:58::5/64
 ipv6 enable
!
interface Ethernet1/1
 no ip address
 shutdown
 half-duplex
!
interface Ethernet1/2
 no ip address
 shutdown
 half-duplex
!
interface Ethernet1/3
 no ip address
 shutdown
 half-duplex
!
router ospf 101 vrf site-a
 router-id 5.5.5.5
 log-adjacency-changes
 redistribute bgp 3 metric 10 metric-type 1 subnets
 network 10.10.10.5 0.0.0.0 area 0
 distance ospf external 220
!
router ospf 1
 router-id 10.1.1.5
 log-adjacency-changes
 area 0 authentication message-digest
 network 10.1.1.5 0.0.0.0 area 0
 network 172.14.8.18 0.0.0.0 area 0
 network 172.14.8.22 0.0.0.0 area 0
!
router bgp 3
 bgp log-neighbor-changes
 neighbor 10.1.1.1 remote-as 3
 neighbor 10.1.1.1 update-source Loopback0
 neighbor 10.1.1.2 remote-as 3
 neighbor 10.1.1.2 update-source Loopback0
 !
 address-family ipv4
  neighbor 10.1.1.1 activate
  neighbor 10.1.1.1 send-community
  neighbor 10.1.1.2 activate
  neighbor 10.1.1.2 send-community
  no auto-summary
  no synchronization
  network 10.1.1.5 mask 255.255.255.255
 exit-address-family
 !
 address-family vpnv4
  neighbor 10.1.1.1 activate
  neighbor 10.1.1.1 send-community extended
  neighbor 10.1.1.2 activate
  neighbor 10.1.1.2 send-community extended
 exit-address-family
 !
 address-family ipv4 vrf site-a
  redistribute ospf 101 vrf site-a match internal external 1 external 2
  no synchronization
 exit-address-family
!
no ip http server
no ip http secure-server
ip forward-protocol nd
!
ipv6 router ospf 1
 log-adjacency-changes
!
mpls ldp router-id Loopback0
!
control-plane
!
line con 0
 exec-timeout 0 0
 logging synchronous
line aux 0
line vty 0 4
 exec-timeout 0 0
 password cisco
 logging synchronous
 login
!
end
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R6
!
boot-start-marker
boot-end-marker
!
no aaa new-model
memory-size iomem 5
!
ip cef
no ip domain lookup
!
ip vrf site-b
 rd 20:20
 route-target export 20:20
 route-target import 20:20
 route-target import 20:10
!
multilink bundle-name authenticated
mpls label protocol tdp
!
archive
 log config
  hidekeys
!
!
interface Loopback0
 ip address 10.1.1.6 255.255.255.255
!
interface FastEthernet0/0
 ip address 172.14.8.14 255.255.255.252
 ip ospf message-digest-key 1 md5 cisco
 duplex auto
 speed auto
 mpls ip
!
interface FastEthernet0/1
 ip address 172.14.8.26 255.255.255.252
 ip ospf message-digest-key 1 md5 cisco
 duplex auto
 speed auto
 mpls ip
!
interface Ethernet1/0
 no ip address
 shutdown
 half-duplex
!
interface Ethernet1/1
 no ip address
 shutdown
 half-duplex
!
interface Ethernet1/2
 ip vrf forwarding site-b
 ip address 10.10.10.1 255.255.255.252
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 cisco
 full-duplex
!
interface Ethernet1/3
 no ip address
 shutdown
 half-duplex
!
router ospf 101 vrf site-b
 router-id 6.6.6.6
 log-adjacency-changes
 redistribute bgp 3 metric 10 metric-type 1 subnets
 network 10.10.10.1 0.0.0.0 area 0
 distance ospf external 220
!
router ospf 1
 log-adjacency-changes
 area 0 authentication message-digest
 network 10.1.1.6 0.0.0.0 area 0
 network 172.14.8.14 0.0.0.0 area 0
 network 172.14.8.26 0.0.0.0 area 0
!
router bgp 3
 bgp log-neighbor-changes
 neighbor 10.1.1.1 remote-as 3
 neighbor 10.1.1.1 update-source Loopback0
 neighbor 10.1.1.2 remote-as 3
 neighbor 10.1.1.2 update-source Loopback0
 !
 address-family ipv4
  neighbor 10.1.1.1 activate
  neighbor 10.1.1.1 send-community
  neighbor 10.1.1.2 activate
  neighbor 10.1.1.2 send-community
  no auto-summary
  no synchronization
  network 10.1.1.6 mask 255.255.255.255
 exit-address-family
 !
 address-family vpnv4
  neighbor 10.1.1.1 activate
  neighbor 10.1.1.1 send-community extended
  neighbor 10.1.1.2 activate
  neighbor 10.1.1.2 send-community extended
 exit-address-family
 !
 address-family ipv4 vrf site-b
  redistribute ospf 101 vrf site-b match internal external 1 external 2
  no synchronization
 exit-address-family
!
no ip http server
no ip http secure-server
ip forward-protocol nd
!
mpls ldp router-id Loopback0
!
control-plane
!
line con 0
 exec-timeout 0 0
 logging synchronous
line aux 0
line vty 0 4
 exec-timeout 0 0
 password cisco
 logging synchronous
 login
!
end
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R7
!
boot-start-marker
boot-end-marker
!
no aaa new-model
memory-size iomem 5
!
ip cef
no ip domain lookup
!
ipv6 unicast-routing
multilink bundle-name authenticated
!
archive
 log config
  hidekeys
!
!
interface Loopback0
 ip address 10.1.1.7 255.255.255.255
!
interface Loopback10
 ip address 171.2.2.2 255.255.255.255
!
interface FastEthernet0/0
 ip address 10.10.10.2 255.255.255.252
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 cisco
 duplex auto
 speed auto
!
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface Ethernet1/0
 ip address 10.10.10.9 255.255.255.252
 ip ospf message-digest-key 1 md5 cisco
 full-duplex
!
interface Ethernet1/1
 ip address 10.10.10.17 255.255.255.252
 full-duplex
!
interface Ethernet1/2
 no ip address
 shutdown
 half-duplex
!
interface Ethernet1/3
 ip address 10.10.10.25 255.255.255.252
 full-duplex
!
router ospf 100
 router-id 7.7.7.7
 log-adjacency-changes
 redistribute connected subnets
 network 10.1.1.7 0.0.0.0 area 0
 network 10.10.10.2 0.0.0.0 area 0
 network 10.10.10.9 0.0.0.0 area 0
 network 10.10.10.17 0.0.0.0 area 0
 network 10.10.10.25 0.0.0.0 area 0
!
router ospf 101
 router-id 10.1.1.7
 log-adjacency-changes
!
no ip http server
no ip http secure-server
ip forward-protocol nd
!
access-list 100 deny   tcp any any eq telnet
!
control-plane
!
line con 0
 exec-timeout 0 0
 logging synchronous
line aux 0
line vty 0 4
 exec-timeout 0 0
 password cisco
 logging synchronous
 login
!
end
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R8
!
boot-start-marker
boot-end-marker
!
no aaa new-model
memory-size iomem 5
!
ip cef
no ip domain lookup
!
ipv6 unicast-routing
multilink bundle-name authenticated
!
archive
 log config
  hidekeys
!
!
interface Loopback0
 ip address 10.1.1.8 255.255.255.255
!
interface Loopback1
 ip address 171.1.1.1 255.255.255.255
!
interface FastEthernet0/0
 ip address 10.10.10.6 255.255.255.252
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 cisco
 duplex auto
 speed auto
 ipv6 address autoconfig
 ipv6 enable
!
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface Ethernet1/0
 ip address 10.10.10.33 255.255.255.252
 full-duplex
!
interface Ethernet1/1
 no ip address
 shutdown
 full-duplex
!
interface Ethernet1/2
 ip address 10.10.10.21 255.255.255.252
 full-duplex
!
interface Ethernet1/3
 ip address 10.10.10.26 255.255.255.252
 full-duplex
!
router ospf 100
 router-id 8.8.8.8
 log-adjacency-changes
 redistribute connected metric 10000 subnets
 network 10.1.1.8 0.0.0.0 area 0
 network 10.10.10.6 0.0.0.0 area 0
 network 10.10.10.21 0.0.0.0 area 0
 network 10.10.10.26 0.0.0.0 area 0
 network 10.10.10.33 0.0.0.0 area 0
 network 171.1.1.1 0.0.0.0 area 0
!
router ospf 101
 router-id 10.1.1.8
 log-adjacency-changes
!
no ip http server
no ip http secure-server
ip forward-protocol nd
!
ipv6 router ospf 1
 log-adjacency-changes
!
control-plane
!
line con 0
 exec-timeout 0 0
 logging synchronous
line aux 0
line vty 0 4
 exec-timeout 0 0
 password cisco
 logging synchronous
 login
!
end
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R9
!
boot-start-marker
boot-end-marker
!
no aaa new-model
memory-size iomem 5
!
ip cef
no ip domain lookup
!
ipv6 unicast-routing
multilink bundle-name authenticated
!
archive
 log config
  hidekeys
!
!
class-map match-all GOLD
 match access-group 100
class-map match-all BRONZE
 match access-group 101
class-map match-all SILVER
 match access-group 102
!
policy-map CPP
 class GOLD
  bandwidth percent 20
 class SILVER
    police 1000000
 class BRONZE
    police 300000
!
interface Loopback0
 ip address 10.1.1.9 255.255.255.255
!
interface FastEthernet0/0
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface Ethernet1/0
 ip address 10.10.10.10 255.255.255.252
 full-duplex
 service-policy output CPP
!
interface Ethernet1/1
 ip address 10.10.10.29 255.255.255.252
 ip policy route-map PBR
 full-duplex
!
interface Ethernet1/2
 ip address 10.10.10.22 255.255.255.252
 full-duplex
 service-policy output CPP
!
interface Ethernet1/3
 ip address 10.10.10.37 255.255.255.252
 ip policy route-map PBR
 full-duplex
!
router ospf 10
 log-adjacency-changes
 network 10.1.1.9 0.0.0.0 area 0
 network 10.10.10.10 0.0.0.0 area 0
 network 10.10.10.22 0.0.0.0 area 0
 network 10.10.10.29 0.0.0.0 area 0
 network 10.10.10.37 0.0.0.0 area 0
!
no ip http server
no ip http secure-server
ip forward-protocol nd
!
ip access-list extended PBR
 permit ip host 10.1.1.11 any
 permit ip host 10.1.1.12 any
access-list 100 permit ip any any precedence priority
access-list 101 permit ip any any precedence immediate
access-list 102 permit ip any any precedence flash-override
!
route-map PBR permit 10
 match ip address PBR
 set ip next-hop 10.10.10.21
!
control-plane
!
line con 0
 exec-timeout 0 0
 logging synchronous
line aux 0
line vty 0 4
 exec-timeout 0 0
 password cisco
 logging synchronous
 login
!
end
!
!
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname SW1
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
!
!
ip cef
no ip domain lookup
!
!
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
archive
 log config
  hidekeys
!
!
!
!
!
!
!
!
interface FastEthernet0/0
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface FastEthernet1/0
 switchport access vlan 810
!
interface FastEthernet1/1
!
interface FastEthernet1/2
!
interface FastEthernet1/3
 switchport mode trunk
!
interface FastEthernet1/4
!
interface FastEthernet1/5
!
interface FastEthernet1/6
!
interface FastEthernet1/7
!
interface FastEthernet1/8
!
interface FastEthernet1/9
!
interface FastEthernet1/10
!
interface FastEthernet1/11
!
interface FastEthernet1/12
!
interface FastEthernet1/13
!
interface FastEthernet1/14
!
interface FastEthernet1/15
 switchport mode trunk
!
interface Vlan1
 no ip address
!
no ip http server
no ip http secure-server
ip forward-protocol nd
!
!
!
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
line con 0
 exec-timeout 0 0
 logging synchronous
line aux 0
line vty 0 4
 exec-timeout 0 0
 password cisco
 logging synchronous
 login
!
!
end
!


!
!
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname SW2
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
!
!
ip cef
!
!
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
archive
 log config
  hidekeys
!
!
!
!
!
!
!
!
interface FastEthernet0/0
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface FastEthernet1/0
 switchport access vlan 810
!
interface FastEthernet1/1
!
interface FastEthernet1/2
!
interface FastEthernet1/3
!
interface FastEthernet1/4
!
interface FastEthernet1/5
!
interface FastEthernet1/6
!
interface FastEthernet1/7
!
interface FastEthernet1/8
!
interface FastEthernet1/9
!
interface FastEthernet1/10
!
interface FastEthernet1/11
!
interface FastEthernet1/12
!
interface FastEthernet1/13
!
interface FastEthernet1/14
!
interface FastEthernet1/15
 switchport mode trunk
!
interface Vlan1
 no ip address
!
no ip http server
no ip http secure-server
ip forward-protocol nd
!
!
!
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
!
!
end
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname TG2
!
boot-start-marker
boot-end-marker
!
no aaa new-model
memory-size iomem 5
!
ip cef
no ip domain lookup
!
multilink bundle-name authenticated
!
archive
 log config
  hidekeys
!
!
class-map match-all mark
 match access-group 100
!
policy-map mark
 class mark
  set precedence 1
!
interface Loopback0
 ip address 10.1.1.13 255.255.255.255
!
interface FastEthernet0/0
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface FastEthernet0/1
 ip address 10.10.10.46 255.255.255.252
 duplex auto
 speed auto
 service-policy output mark
!
router ospf 10
 log-adjacency-changes
 network 10.1.1.13 0.0.0.0 area 0
 network 10.10.10.46 0.0.0.0 area 0
!
no ip http server
no ip http secure-server
ip forward-protocol nd
!
access-list 100 permit ip host 10.1.1.13 host 10.1.1.7
!
control-plane
!
line con 0
line aux 0
line vty 0 4
 login
!
end

Saturday, November 17, 2012


http://www.alaxala.com/jp/techinfo/archive/manual/AX6700S/html/11_3/CFGUIDE3/0343.HTM#ID00981



http://www.alaxala.com/jp/techinfo/archive/manual/AX6700S/html/11_3/CFGUIDE3/0163.HTM#ID00342

Wednesday, November 7, 2012

gya



##Resetting the NetScreen configuration to factory defaults
-> get system
 ・・・
Serial Number: xxxxxxxxxxxxxxxx
 ・・・
It is handy to save this to a text file.

2. Log in with the serial number
Enter the serial number as both the ID and the password to log in to the NetScreen.
Logging in starts the reset process.
 login: xxxxxxxxxxxxxxxx
password: xxxxxxxxxxxxxxxx
!!! Lost Password Reset !!! You have initiated a command to reset the device to factory defaults,
 clearing all current configuration and settings. Would you like to continue?  y/[n] y


##Setting the hostname on NetScreen
ns5xt-> set ho hogehoge
hogehoge->
hogehoge->



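##On NetScreen, once the ALARM LED lights up because of a link-down or similar event, it does not turn off automatically
The ALARM LED also lights up when, for example, a port scan is detected.

Pressing [clear] under
[Reports] --> [System Log] --> [Event]
does not turn the ALARM LED off.

It stays lit until the following command is run.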

> clear led alarm




##Packet capture on NetScreen (basics)

hogehoge-> snoop
Start Snoop, type ESC or 'snoop off' to stop, continue? [y]/n y
hogehoge-> snoop off
Snoop off
hogehoge-> get dbuf stream ?
>                    redirect output
|                    match output
<return>
all                  from all slots
<number>             percentage offset of debug buffer(0-99)
hogehoge-> get dbuf stream | i icmp



##
Uploading the OS
hogehoge-> save software from flash to tftp 1.1.1.1 test


Downloading the OS
save software from tftp 1.1.1.1 test to flash



##Forcing time synchronization via NTP on NetScreen
hogehoge-> set clock dst-off
hogehoge-> set clock ntp
hogehoge-> set clock timezone 9
hogehoge-> set ntp server 1.1.1.3
hogehoge-> ping 1.1.1.3
!!!!!
hogehoge-> exec ntp up
update               do the update from this server




##Saving the configuration on NetScreen
hogehoge-> set console page 0
hogehoge-> get config
Total Config size 2859:
set clock dst-off
set clock ntp
set clock timezone 9
set vrouter trust-vr sharable
set vrouter "untrust-vr"
exit
set vrouter "trust-vr"
unset auto-route-export
exit
set auth-server "Local" id 0
set auth-server "Local" server-name "Local"
set auth default auth server "Local"
set auth radius accounting port 1646
set admin name "netscreen"
set admin password "nKVUM2rwMUzPcrkG5sWIHdCtqkAibn"
set admin auth timeout 10
set admin auth server "Local"
set admin format dos
set zone "Trust" vrouter "trust-vr"
set zone "Untrust" vrouter "trust-vr"
set zone "VLAN" vrouter "trust-vr"
set zone "Untrust-Tun" vrouter "trust-vr"
set zone "Trust" tcp-rst
set zone "Untrust" block
unset zone "Untrust" tcp-rst
set zone "MGT" block
set zone "VLAN" block
unset zone "VLAN" tcp-rst
set zone "Untrust" screen tear-drop
set zone "Untrust" screen syn-flood
set zone "Untrust" screen ping-death
set zone "Untrust" screen ip-filter-src
set zone "Untrust" screen land
set zone "V1-Untrust" screen tear-drop
set zone "V1-Untrust" screen syn-flood
set zone "V1-Untrust" screen ping-death
set zone "V1-Untrust" screen ip-filter-src
set zone "V1-Untrust" screen land
set interface "trust" zone "Trust"
set interface "untrust" zone "Untrust"
unset interface vlan1 ip
set interface trust ip 1.1.1.2/24
set interface trust route
unset interface vlan1 bypass-others-ipsec
unset interface vlan1 bypass-non-ip
set interface trust ip manageable
set interface trust dhcp server service
set interface trust dhcp server auto
set interface trust dhcp server option gateway 192.168.1.1
set interface trust dhcp server option netmask 255.255.255.0
set interface trust dhcp server ip 192.168.1.33 to 192.168.1.126
set flow tcp-mss
unset flow no-tcp-seq-check
set flow tcp-syn-check
set console page 0
set hostname hogehoge

set pki authority default scep mode "auto"
set pki x509 default cert-path partial
set ike respond-bad-spi 1
unset ike ikeid-enumeration
unset ipsec access-session enable
set ipsec access-session maximum 5000
set ipsec access-session upper-threshold 0
set ipsec access-session lower-threshold 0
set ipsec access-session dead-p2-sa-timeout 0
unset ipsec access-session log-error
unset ipsec access-session info-exch-connected
unset ipsec access-session use-error-log
set policy id 1 from "Trust" to "Untrust"  "Any" "Any" "ANY" permit
set policy id 1
exit
set nsmgmt bulkcli reboot-timeout 60
set ssh version v2
set config lock timeout 5
set ntp server "1.1.1.3"
set ntp server src-interface "trust"
set modem speed 115200
set modem retry 3
set modem interval 10
set modem idle-time 10
set snmp port listen 161
set snmp port trap 162
set vrouter "untrust-vr"
exit
set vrouter "trust-vr"
unset add-default-route
exit
set vrouter "untrust-vr"
exit
set vrouter "trust-vr"
exit
hogehoge->






##Setting speed and duplex on NetScreen
hogehoge-> set interface trust phy full 100mb
hogehoge-> trust interface change state to Down
hogehoge-> set interface trust phy auto
hogehoge-> trust interface change state to Up



##Backing up the configuration to a TFTP server on NetScreen
hogehoge->  save conf from flash to tftp 1.1.1.1 gegeg
Read config from flash.
 System config (1012 bytes) loaded
.
Done.

Tuesday, November 6, 2012

pougya


1. FRAME RELAY (2points)
 
Requires R15 to telnet to R13 and R14 loopbacks

R13

interface Serial0/0
ip address 172.16.13.2 255.255.255.252
ip ospf authentication message-digest
ip ospf message-digest-key 1 md5 cisco
ip ospf network point-to-point
ip ospf priority 255
serial restart-delay 0
no snmp trap link-status
no fair-queue
frame-relay map ip 172.16.13.1 341
frame-relay map ip 172.16.13.3 345
ip pim sparse-dense-mode

R14

interface Serial0/0
ip address 172.16.13.3 255.255.255.252

ip ospf message-digest-key 1 md5 cisco
ip ospf network point-to-point
serial restart-delay 0
no fair-queue
frame-relay lmi-type ansi

R15

interface Serial1/0
ip address 172.16.13.1 255.255.255.252
ip ospf authentication message-digest
ip ospf message-digest-key 1 md5 cisco
ip ospf network point-to-point
serial restart-delay 0
no fair-queue
frame-relay lmi-type ansi

Prob.4  > Wrong sub-interface type--
Prob.9  > FR switch
Prob.12 > R15

2. HSRP (2 points)
 
Ensure the output of "show standby" on R22 and R23 is the same as shown below

R22 is the active unit, with a priority of 100 configured explicitly (not by default), and track 1 configured and up with a decrement value of 60.
R23 is the standby unit, using the default priority value (100), with no authentication, preempt enabled, and track 1 configured and up with a decrement value of 60.

Initial Configs ()
R22
track 1 ip route 0.0.0.0 0.0.0.0 reachability → toward R13
track 1 ip route 1.1.70.0 255.255.255.0 reachability → toward R21
!
interface Ethernet0/0
ip address 172.16.10.10 255.255.255.248
half-duplex
standby 1 ip 172.16.10.14
standby 1 priority 150
standby 1 preempt
standby 1 track 1 shutdown

R23
!
interface Ethernet0/0
ip address 172.16.10.11 255.255.255.248
half-duplex
standby 1 ip 172.16.10.14
standby 1 priority 150
standby 1 track 1 shutdown
standby 1 preempt
standby 1 authentication md5 key-string cisco

R21 (if it was 1.1.70.0/24)
router eigrp 200
redistribute ospf 1 route-map PREFIX
distribute-list route-map PREFIX
network 172.16.10.22 0.0.0.0
network 172.16.10.26 0.0.0.0
no auto-summary
!
route-map PREFIX permit 10
match ip address 1
!
access-list 1 permit 10.0.0.0 0.255.255.255
access-list 1 permit 172.16.0.0 0.0.255.255

R13 (if it was the default route)
!
router ospf 1
 log-adjacency-changes
 area 1 nssa
 network 10.1.1.13 0.0.0.0 area 0
 network 172.16.13.2 0.0.0.0 area 1
 network 172.16.14.42 0.0.0.0 area 0

Prob.5 > Distribute-list on R21
Prob.6 > R22, R23
Prob.7 > R22

3. NTP (2 points)
 
R13 NTP cannot synchronize with R5. Fix it.

Initial Configs ()
R5
ntp authentication-key 1 md5 030758020337
ntp master 2

R13

ntp authentication-key 1 md5 cisco
ntp server 10.1.1.5 key 1

R9

interface Ethernet0/0
ip address 172.16.14.1 255.255.255.248
ip pim sparse-dense-mode
ip ospf authentication message-digest
ip ospf message-digest-key 1 md5 cisco
ip igmp access-group 10
ip access-group deny_udp in
half-duplex
!

ip access-list extended deny_udp
deny udp any any eq ntp

R11

interface Ethernet1/0
ip address 172.16.14.34 255.255.255.248
ip ospf authentication message-digest
ip ospf message-digest-key 1 md5 cisco
ip pim sparse-dense-mode
ip access-group deny_udp in
half-duplex
!

ip access-list extended deny_udp
deny udp any any eq ntp

Prob.1 > R5
Prob.2 > R9
Prob.3 > R9

Verification steps:

R5/R13#show ntp association detail <--should be synchronized and sane

4. PPP/RIP (2 points)
 
R24 cannot ping R29 192.168.20.1. Fix it.

Initial Configs ()
R25
service password-encryption
!

interface Serial1/0 ---> connecting to R29
ip address 172.16.9.1 255.255.255.248
encapsulation ppp
serial restart-delay 0
no fair-queue
!
router eigrp 200
network 10.1.1.25 0.0.0.0
network 172.16.10.77 0.0.0.0
!
version 1
network 172.16.0.0

R29
no service password-encryption
!
interface Loopback1
ip address 192.168.20.1 255.255.255.255
!
interface Serial1/0
ip address 172.16.9.2 255.255.255.248
encapsulation ppp
serial restart-delay 0
no fair-queue
ppp chap hostname ccie
ppp chap password 0 cisco
!
router rip
network 172.16.0.0

Verification steps:

R25/R29#show ip interface brief <--serial1/0 should be up
R25#show ip route <--should see the network 192.168.20.0
R24#telnet 192.168.20.1
open...

5. OSPF (3 points)
 
PC 10.1.1.20 on R20 cannot ping PC 10.1.1.28 on R28. Fix it.

Initial Configs ()
R18

router ospf 1
router-id 10.1.1.18
log-adjacency-changes
area 0 max lsa X
area 3 virtual-link 10.1.1.16 authentication message-digest
area 3 virtual-link 10.1.1.16 message-digest-key 1 md5 cisco
network 10.1.1.18 0.0.0.0 area 0
network 10.10.10.1 0.0.0.0 area 0
network 172.16.12.6 0.0.0.0 area 3
!
ip route X.X.X.X 0.0.0.X.172.16.12.5 --->pointing toward R17

R17

interface Ethernet0/0
ip address 172.16.12.5 255.255.255.252
ip access-group 111 in
half-duplex
!
router ospf 1
area 0 max lsa 5
!
interface Ethernet1/0
ip address 172.16.12.2 255.255.255.252
ip ospf network point-to-point
half-duplex

ip access-list extended 111
  deny icmp any any
  permit udp any any
  permit ospf any any
  permit tcp any any
!
ip route X.X.X.X 0.0.0.X 172.16.12.6 --->pointing toward R18

R16
interface Ethernet2/0 ---> facing R17
ip address 172.16.12.1 255.255.255.252
ip ospf network broadcast
half-duplex
!
router ospf 1
router-id 10.1.1.16
log-adjacency-changes
area 3 virtual-link 10.1.1.18 authentication message-digest
area 3 virtual-link 10.1.1.18 message-digest-key 1 md5 cisc0
network 10.1.1.16 0.0.0.0 area 3
network 172.16.12.1 0.0.0.0 area 3
network 172.32.10.2 0.0.0.0 area 1
distribute-list 12 in e1/0

R8

router eigrp 200
redistribute ospf 1 metric 100000 100 255 1 1500
network 10.1.1.8 0.0.0.0
network 172.16.16.21 0.0.0.0
no auto-summary
!
router ospf 1
log-adjacency-changes
redistribute eigrp 200 subnets
network 172.32.10.1 0.0.0.0 area 1
!
router bgp 200
no synchronization
bgp log-neighbor-changes
network 10.1.1.8 mask 255.255.255.255
neighbor 10.1.1.6 remote-as 200
neighbor 10.1.1.6 password cisco
neighbor 10.1.1.6 update-source Loopback0
neighbor 10.1.1.6 route-reflector-client
neighbor 10.1.1.6 next-hop-self
neighbor 197.68.3.2 remote-as 300
no auto-summary

R27
router ospf 1
log-adjacency-changes
network 10.1.1.27 0.0.0.0 area 0
network 172.16.17.9 0.0.0.0 area 0
!
router bgp 300
no synchronization
bgp log-neighbor-changes
bgp default local-preference 200
network 10.1.1.27 mask 255.255.255.255
neighbor 10.1.1.28 remote-as 300
neighbor 10.1.1.28 update-source Loopback0
neighbor 197.68.3.1 remote-as 200
no auto-summary

Prob.3 > R20 area 0
Prob.8 > R16 distribute-list
Prob.9 > R18 distribute list

6. ZBFW (2 points)
 
R30 cannot telnet R31, fix it
R30#telnet 10.1.1.31
Trying open 10.1.1.31
User verification
.....
--> Should match the given "show policy-map type inspect zone-pair sessions" output. R31 is in the outside zone, R30 is in the inside zone.

Initial Configs ()
R29
class-map type inspect match-all telneticmp
match protocol telnet
match protocol icmp
class-map type inspect match-all http
match protocol http
class-map type inspect match-all outbound
match access-group name from R30toR31
!
class type inspect outbound
  inspect
class type inspect telneticmp
  inspect
class type inspect http
  inspect
!
zone security zonein
zone security zoneout
!
zone-pair security inbound source zoneout destination zonein
zone-pair security outbound source zonein destination zoneout
!

interface Ethernet2/0<-- to R30
ip address 172.16.39.29 255.255.255.248
no shutdown
zone-member security zoneout
half-duplex
!
interface Ethernet2/1 <-- to R31
ip address 172.16.129.29 255.255.255.248
no shutdown
zone-member security zonein
half-duplex
!
ip access-list extended R30toR31
permit ip host 172.16.39.30 host 10.1.1.31
permit ip host 10.1.1.30 host 10.1.1.31
permit ip host 10.1.1.30 host 172.16.129.31
permit ip host 172.16.39.30 host 172.16.129.31
!

router rip
version 2
network 172.16.0.0
network 192.168.20.0
no auto-summary

R30
interface Loopback0
ip address 10.1.1.30 255.255.255.255
!
interface Ethernet0/0
ip address 172.16.39.30 255.255.255.248
half-duplex
no shutdown
!

R31

interface Loopback0
ip address 10.1.1.31 255.255.255.255
!
interface Ethernet0/0
ip address 172.16.129.31 255.255.255.248
half-duplex
no shutdown
!
Prob.8 > R29

7. BGP (2 points)
 
R28 must see two next hop for the network 1.100.100.100 in show ip bgp table
 R28 must see 2 paths in BGP table
 R28 must select path through R26
 Not allowed to touch AS100 & 300 configuration (variable depending on the Lab)

Initial Configs ()
R6
router bgp 200
bgp log-neighbor-changes
network 10.1.1.6 mask 255.255.255.255
neighbor 10.1.1.2 remote-as 200
neighbor 10.1.1.2 update-source Loopback0
neighbor 10.1.1.2 route-reflector-client
neighbor 10.1.1.7 remote-as 200
neighbor 10.1.1.7 update-source Loopback0
neighbor 10.1.1.7 route-reflector-client
neighbor 10.1.1.8 remote-as 200
neighbor 10.1.1.8 update-source Loopback0
no auto-summary

R7

router bgp 200
synchronization
bgp log-neighbor-changes
network 10.1.1.7 mask 255.255.255.255
bgp maxas-limit 1
neighbor 10.1.1.6 remote-as 200
neighbor 10.1.1.6 update-source Loopback0
neighbor 10.1.1.6 route-reflector-client
neighbor 197.68.2.2 remote-as 300
neighbor 197.68.2.2 route-map toas300 out
no auto-summary
!
route-map toas300 permit 10
match ip address toas300
set metric 99
!
ip access-list extended toas300
permit ip any any

R8
router bgp 200
bgp log-neighbor-changes
network 10.1.1.8 mask 255.255.255.255
neighbor 10.1.1.6 remote-as 200
neighbor 10.1.1.6 password cisc0
neighbor 10.1.1.6 update-source Loopback0
neighbor 10.1.1.6 next-hop-self
neighbor 197.68.3.2 remote-as 300
neighbor 197.68.3.2 route-map toas300 out
no auto-summary
!
route-map toas300 permit 10
match ip address toas300
!
ip access-list extended toas300
permit ip any any

R26
router bgp 300
no synchronization
bgp log-neighbor-changes
network 10.1.1.26 mask 255.255.255.255
neighbor 10.1.1.28 remote-as 300
neighbor 10.1.1.28 update-source Loopback0
neighbor 197.68.2.1 remote-as 200
no auto-summary

R27
router bgp 300
no synchronization
bgp log-neighbor-changes
network 10.1.1.27 mask 255.255.255.255
neighbor 10.1.1.28 remote-as 300
neighbor 10.1.1.28 update-source Loopback0
neighbor 197.68.3.1 remote-as 200
no auto-summary

Prob.2 > R7
Prob.3 > R7
Prob.6 > R7,
Prob.10 > R8

Verification steps:

R28# sh ip bgp 1.100.100.100 <-- should see two possible next hops R26 & R27 with R26 being the preferred next hop

8. IPv6 (2 points)
 
R1 can not telnet R4 IPv6 address 2011:ABC:34::4, fix the problem

Note: Not allowed to delete any configuration!

Initial Configs ()
R1
ipv6 unicast-routing
!
interface Loopback1
 ip address 10.1.1.1 255.255.255.255
 ip pim sparse-dense-mode
!
interface Ethernet1/0
ip address 172.16.15.1 255.255.255.248
ip pim sparse-dense-mode
half-duplex
ipv6 address 2011:ABC:13::1/64
ipv6 ospf 1 area 0
!
ipv6 router ospf 1
log-adjacency-changes
router-id 10.1.1.4

R3
ipv6 unicast-routing
!
interface Ethernet0/0
ip address 172.16.15.9 255.255.255.248
ip pim sparse-dense-mode
half-duplex
ipv6 address 2011:ABC:34::3/64
ipv6 ospf 1 area 0
!
interface Ethernet1/0
ip address 172.16.15.2 255.255.255.248
ip pim sparse-dense-mode
half-duplex
ipv6 address 2011:ABC:13::3/64
ipv6 ospf 1 area 0
ipv6 traffic-filter filter in
!
ipv6 access-list filter
deny ipv6 any any routing

R4
ipv6 unicast-routing

interface Ethernet0/0
ip address 172.16.15.10 255.255.255.248
ip pim sparse-dense-mode
half-duplex
ipv6 address 2011:ABC:34::4/64
ipv6 ospf 1 area 0
!
ipv6 router ospf 1
log-adjacency-changes

Summary of issues

a. R3 ACL blocking IPv6 traffic <-- should add explicit rules for link-local addresses
ipv6 access-list filter

permit 89 any host FF02::5 seq 1  <-- OSPFv3 Multicast dest IP
permit 89 any host FF02::6 seq 2
permit 89 host <R1 link local> host <R3 link local> seq 3
permit icmp any any seq 4
deny ipv6 any any (by default seq 10) <-- don't touch
b. R1/R4 Duplicate router-id <-- make sure R1 router-id is set to its Loopback1 IP

Verification steps:

R1# ping 2011:ABC:34::4

9. MST (2 points)
 
R10 must reach R9 in a single hop, SW1 (or SW2) is not allowed to be touched
SW1
hostname  SW1
no aaa new-model
clock timezone CSRT 8
!
ip cef
!
no ipv6 cef
!
spanning-tree mode mst
spanning-tree extended system-id
!
spanning-tree mst configuration
name cisco
instance 1 vlan 102,119
instance 2 vlan 109,129
!
spanning-tree mst 2 priority 0
vlan internal allocation policy ascending
!
int e0/0
swi
swi acce vlan 102
swi mode acce
!
int e0/1
swi
shutdown
!
int e0/2
swi
swi acce vlan 129
swi mode acce
!
int e0/3
swi
swi acce vlan 109
swi mode acce
!
int e1/0
swi
swi acce vlan 102
swi mode acce
!
int e1/1
swi
shut
!
int e1/2
swi
swi acce vlan 110
swi mode acce
!
int e1/3
swi
shut
!
int e2/0
swi
swi trunk encapsulation dot1q
swi mode trunk
!
int e2/1
swi
swi trunk enc dot1q
swi mode trunk
shut
!
int e2/2
swi
shut
!
int e2/3
swi
shut

SW2
hostname  SW2
no aaa new-model
clock timezone CSRT 8
!
ip cef
!
no ipv6 cef
!
spanning-tree mode mst
spanning-tree extended system-id
!
spanning-tree mst configuration
name cisco
instance 1 vlan 102,119
instance 2 vlan 109,129
!
spanning-tree mst 2 priority 24576
vlan internal allocation policy ascending
!
int e0/0
swi
swi acce vlan 110
swi mode acce
!
int e0/1
swi
swi acce vlan 109
swi mode acce
!
int e0/2
swi
shut
!
int e0/3
swi
swi acce vlan 119
swi mode acc
!
int e1/0
swi
shut
!
int e1/1
swi
swi acce vlan 129
swi mode acce
!
int e1/2
swi
shut
!
int e1/3
swi
swi acce vlan 119
swi mode access
!
int e2/0
swi
swi trunk encapsulation dot1q
swi mode trunk
!
int e2/1
swi
swi trunk enc dot1q
swi mode trunk
shut
!
int e2/2
swi
shut
!
int e2/3
swi
shut

R9
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R9
!
boot-start-marker
boot-end-marker
!
enable password cisco
!
no aaa new-model
memory-size iomem 5
!
ip cef
no ip domain lookup
!
ip multicast-routing
!
multilink bundle-name authenticated
!
archive
 log config
  hidekeys
!
!
vlan internal allocation policy ascending
!
interface Loopback0
 ip address 10.1.1.9 255.255.255.255
 ip pim sparse-dense-mode
!
interface FastEthernet0/0
 ip address 172.16.14.1 255.255.255.248
 ip pim sparse-dense-mode
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 cisco
 duplex auto
 speed auto
!
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface FastEthernet1/0
 no switchport
 ip address 172.16.14.33 255.255.255.248
 ip pim sparse-dense-mode
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 cisco
 ip igmp access-group 10
!
interface FastEthernet1/1
!
interface FastEthernet1/2
!
interface FastEthernet1/3
!
interface FastEthernet1/4
!
interface FastEthernet1/5
!
interface FastEthernet1/6
!
interface FastEthernet1/7
!
interface FastEthernet1/8
!
interface FastEthernet1/9
!
interface FastEthernet1/10
!
interface FastEthernet1/11
!
interface FastEthernet1/12
!
interface FastEthernet1/13
!
interface FastEthernet1/14
!
interface FastEthernet1/15
!
interface Vlan1
 no ip address
!
router ospf 1
 log-adjacency-changes
 network 10.1.1.9 0.0.0.0 area 0
 network 172.16.14.1 0.0.0.0 area 0
 network 172.16.14.33 0.0.0.0 area 0
!
no ip http server
no ip http secure-server
ip forward-protocol nd
!
ip pim rp-address 10.1.1.3
!
access-list 10 deny   10.1.1.3
!
control-plane
!
line con 0
 exec-timeout 0 0
 password cisco
 logging synchronous
 stopbits 1
line aux 0
 stopbits 1
line vty 0 4
 exec-timeout 0 0
 password cisco
 logging synchronous
 login
!
end

Note: This question has 2 completely different requirements depending on the lab. On some labs you are not allowed to touch SW1, and on others you are not allowed to touch SW2.

a. The VLAN between R9 and R10 is blocked on trunk1 and allowed on trunk2, but trunk2 is in the spanning-tree blocking state for MST instance X (which contains the R9-R10 VLAN), so the link between R9 and R10 is down <-- Just lower the port-priority on trunk2 so it can become the forwarding port, or raise the port-priority on trunk1 so trunk2 is preferred.
interface ex/y
  spanning-tree mst x port-priority 0
Note: The switch that must not be touched is the root for the MST instance containing the VLAN between R9 and R10
b. R9: existing route-map dropping some traffic <-- the route-map selects certain traffic and has an explicit deny. Put another route-map with the permit statement

10. MSDP (3 points)
 
R13 cannot ping R28 group 224.8.8.8 in AS 200, Fix it

(R8->R6->R2)->(R1->R3->R5)->R9->R11->R13
AS200 AS100

R8
ip multicast-routing
!
interface Loopback0
ip address 10.1.1.8 255.255.255.255
ip pim sparse-dense-mode
ip igmp join-group 224.8.8.8
!

interface Ethernet0/0
ip address 172.16.16.21 255.255.255.248
half-duplex
!
router eigrp 200
redistribute ospf 1 metric 100000 100 255 1 1500
redistribute bgp 200 metric 100000 100 255 1 1500
network 10.1.1.8 0.0.0.0
network 172.16.16.21 0.0.0.0
no auto-summary
!
ip pim rp-address 10.1.1.2

R6
ip multicast-routing
!
interface Loopback0
ip address 10.1.1.6 255.255.255.255
ip pim sparse-dense-mode
!
interface Ethernet0/0
ip address 172.16.16.19 255.255.255.248
half-duplex
!
interface Ethernet1/0
ip address 172.16.16.2 255.255.255.248
ip pim sparse-dense-mode
half-duplex
!
router eigrp 200
network 10.1.1.6 0.0.0.0
network 172.16.16.2 0.0.0.0
network 172.16.16.19 0.0.0.0
no auto-summary
!

R2
interface Loopback0
ip address 10.1.1.2 255.255.255.255
ip pim sparse-dense-mode
!
interface Loopback1
ip address 200.0.0.1 255.255.255.255
ip pim sparse-dense-mode
!
interface Ethernet0/0
ip address 197.68.1.2 255.255.255.252
ip pim sparse-dense-mode
half-duplex
ipv6 address 2011:ABC:12::2/64
ipv6 ospf 1 area 0
!
interface Ethernet1/0
ip address 172.16.16.1 255.255.255.248
ip pim sparse-dense-mode
half-duplex
!
router eigrp 200
network 10.1.1.2 0.0.0.0
network 172.16.16.1 0.0.0.0
no auto-summary
!
router bgp 200
no synchronization
bgp log-neighbor-changes
network 10.1.1.1 mask 255.255.255.255
neighbor 10.1.1.6 remote-as 200
neighbor 10.1.1.6 update-source Loopback0
neighbor 10.1.1.6 next-hop-self
neighbor 197.68.1.1 remote-as 100
no auto-summary
!
address-family ipv4 unicast
  no synchronization
  network 10.1.1.2 mask 255.255.255.255
  redistribute eigrp 200
  neighbor 10.1.1.6 activate
  neighbor 10.1.1.6 next-hop-self
  neighbor 197.68.1.1 activate
  exit-address-family
!
address-family  ipv4 multicast
  network 200.0.0.1 mask 255.255.255.255
  neighbor 197.68.1.1 activate
  no auto-summary
  exit-address-family
!
ip msdp peer 10.1.1.3 connect-source Loopback1 remote-as 100
!
ip pim rp-address 10.1.1.2

R1

ip multicast-routing
!
interface Loopback0
ip address 10.1.1.1 255.255.255.255
ip pim sparse-dense-mode
!
interface Ethernet0/0
ip address 197.68.1.1 255.255.255.252
ip pim sparse-dense-mode
half-duplex
ipv6 address 2011:ABC:12::1/64
ipv6 ospf 1 area 0
!
interface Ethernet1/0
ip address 172.16.15.1 255.255.255.248
ip pim sparse-dense-mode
half-duplex
ipv6 address 2011:ABC:13::1/64
ipv6 ospf 1 area 0
!
router ospf 1
log-adjacency-changes
network 10.1.1.1 0.0.0.0 area 3
network 172.16.15.1 0.0.0.0 area 3
!
router bgp 100
no synchronization
bgp log-neighbor-changes
network 1.100.100.100 mask 255.255.255.255
network 10.1.1.1 mask 255.255.255.255
neighbor 10.1.1.3 remote-as 100
neighbor 10.1.1.3 update-source Loopback0
neighbor 10.1.1.3 next-hop-self
neighbor 197.68.1.2 remote-as 200
neighbor 197.68.1.2 route-map as100 out
no auto-summary
!

address-family ipv4 unicast
  no synchronization
  neighbor 10.1.1.3 activate
  neighbor 10.1.1.3 next-hop-self
  neighbor 197.68.1.2 activate
  exit-address-family
!
address-family  ipv4 multicast
  neighbor 10.1.1.3 activate
  no auto-summary
  exit-address-family

ip pim rp-address 10.1.1.3

R3
ip multicast-routing
!
interface Loopback0
ip address 10.1.1.3 255.255.255.255
ip pim sparse-dense-mode
!

interface Loopback1
ip address 200.0.0.3 255.255.255.255
ip pim sparse-dense-mode
!
interface Ethernet0/0
ip address 172.16.15.9 255.255.255.248
ip pim sparse-dense-mode
half-duplex
ipv6 address 2011:ABC:34::3/64
ipv6 ospf 1 area 0
!
interface Ethernet1/0
ip address 172.16.15.2 255.255.255.248
ip pim sparse-dense-mode
half-duplex
ipv6 address 2011:ABC:13::3/64
ipv6 ospf 1 area 0
ipv6 traffic-filter filter in
!
router ospf 1
log-adjacency-changes
network 10.1.1.3 0.0.0.0 area 3
network 172.16.15.2 0.0.0.0 area 3
network 172.16.15.9 0.0.0.0 area 3
!
router bgp 100
no synchronization
bgp log-neighbor-changes
network 10.1.1.3 mask 255.255.255.255
neighbor 10.1.1.1 remote-as 100
neighbor 10.1.1.1 update-source Loopback0
neighbor 10.1.1.1 route-reflector-client
neighbor 10.1.1.4 remote-as 100
neighbor 10.1.1.4 update-source Loopback0
neighbor 10.1.1.4 route-reflector-client
neighbor 10.1.1.5 remote-as 100
neighbor 10.1.1.5 update-source Loopback0
neighbor 10.1.1.5 route-reflector-client
no auto-summary
!

address-family ipv4 unicast
  no synchronization
  network 10.1.1.3 mask 255.255.255.255
  neighbor 10.1.1.1 activate
  exit-address-family
!
address-family  ipv4 multicast
  network 200.0.0.3 mask 255.255.255.255
  neighbor 10.1.1.1 activate
  no auto-summary
  exit-address-family
!
ip msdp peer 10.1.1.2 connect-source loopback 0 remote-as 200
!
ip pim rp-address 10.1.1.3

R9

interface Loopback0
ip address 10.1.1.9 255.255.255.255
ip pim sparse-dense-mode
!
interface Ethernet0/0
ip address 172.16.14.1 255.255.255.248
ip pim sparse-dense-mode
ip ospf authentication message-digest
ip ospf message-digest-key 1 md5 cisco
ip igmp access-group 10
half-duplex
!
interface Ethernet1/0
ip address 172.16.14.33 255.255.255.248
ip pim sparse-dense-mode
ip ospf authentication message-digest
ip ospf message-digest-key 1 md5 cisco
half-duplex
!
access-list 10 deny 10.1.1.3

Summary of issues

a. Wrong MSDP source and peer IPs <---
R3:ip msdp peer 200.0.0.1 connect-source loopback 1 remote-as 200
R2:ip msdp peer 200.0.0.3 connect-source Loopback1 remote-as 100
b. R6/R9 Missing RP config <-- R6: ip pim rp-address 10.1.1.2, R9: ip pim rp-address 10.1.1.3
c. R8 Missing PIM command on R8 interface <-- enable ip pim sparse-dense-mode on the interface connecting R8->R6
d. R9 IGMP traffic being blocked <-- change the ACL 10 to permit any
e. R1 Missing OSPF/BGP address-family ipv4 multicast redistribution<-- under R1 address-family ipv4 multicast, add the command "redistribute ospf 1"



###################################################
###################################################
###################################################



1. FRAME RELAY (2points)
 
Requires R15 to telnet to R13 and R14 loopbacks

R13

interface Serial0/0
ip address 172.16.13.2 255.255.255.248
encapsulation frame-relay
ip ospf network broadcast or point-to-multipoint
frame-relay map ip 172.16.13.4 341 broadcast
frame-relay map ip 172.16.13.3 345 broadcast
frame-relay lmi-type cisco
no frame-relay inverse arp

R14
interface Serial0/0
ip address 172.16.13.4 255.255.255.248
encapsulation frame-relay
ip ospf network broadcast or point-to-multipoint
frame-relay map ip 172.16.13.2 314 broadcast
frame-relay map ip 172.16.13.3 315 broadcast
frame-relay lmi-type cisco
no frame-relay inverse arp

R15
interface Serial1/0
ip address 172.16.13.3 255.255.255.248
encapsulation frame-relay
ip ospf network broadcast or point-to-multipoint
frame-relay map ip 172.16.13.4 351 broadcast
frame-relay map ip 172.16.13.2 354 broadcast
frame-relay lmi-type cisco
no frame-relay inverse arp

Verification steps:

show frame-relay map <--DLCI should be active
sh run interface s0/0/0
R15# telnet 10.1.1.14
....open

R15# telnet 10.1.1.14
....open

Prob.4 > Wrong sub-interface type -- if a sub-interface is used, it should always be multipoint
Prob.9 > FR switch not configured with two DLCIs 345 334 (if it is allowed to be touched)
Prob.12 > R15 password is “cIsco” change it to “cisco” --------- (26 Aug Update )

2. HSRP (2 points)
 
Ensure the output of "show standby" on R22 and R23 is the same as shown below

R22 being the active unit with a priority configured of 100 (not by default), and also a track 1 configured and up, with a decrement value of 60.
R23 is the standby unit, using the default priority value (100), no authentication, with preempt, track 1 configured and up, with a decrement value of 60.

R22
interface Ethernet0/0
standby 1 priority 100
standby 1 track 1 decrement 60
no standby 1 preempt

R23
interface Ethernet0/0
no standby 1 priority 150
no standby 1 authentication md5 key-string cisco
standby 1 track 1 decrement 60

R21 (if it was 1.1.70.0/24)
router eigrp 200
redistribute ospf 1 metric 10000 100 255 1 1500 route-map PREFIX

!
route-map PREFIX permit 10
match ip address 1
!
access-list 1 permit 1.1.70.0 0.0.0.255

R13 (if it was the default route)
!
router ospf 1
 area 1 nssa default-information originate allways

Verification steps:
R22/R23#show standby <--should match exactly the output given

Make sure to add the metric "values" and "access-list 1 permit 1.1.70.0 0.0.0.255"
Prob.5 > Distribute-list on R21 EIGRP ---- permit the network 1.1.70.0/24 in that prefix-list.
   Also on R21, the route-map applied when redistributing OSPF into EIGRP uses an
   access-list in which network 1.1.70.0/24 is explicitly denied; permit that specific
   network -------- (26 Aug Update)
Prob.6 > R22, R23 HSRP standby output: R22 will be standby, preemption disabled, pri def 100. R23
   will be active, preempt enabled. There was st track 1 shut down on R22. I removed it. It
   was so easy a question as usual. ---- (update from candidate who faced it on 16 Aug)

Prob.7 > R22 - Priority was 150, change to default. Standby IP was in Group 2, change to Group 0. Track route was there, but standby track 1 shutdown was there; I changed to standby track 1 reachability decrement 10

3. NTP (2 points)
 
R13 NTP cannot synchronize with R5, Fix it

R5
ntp authentication-key 1 md5 cisco

R13
ntp authentication-key 1 md5 cisco
ntp server 10.1.1.5 key 1
ntp authentication
ntp trusted-key

R9
ip access-list extended deny_udp
permit ip  any any

R11
!
ip access-list extended deny_udp
permit ip  any any

Prob.1 > R5 Missing trust-key command
Prob.2 > R9 Access list blocking UDP traffic ------- Change it to permit
Prob.3 > R9 configured class map to NTP...in that Remove Drop command in policy Map

Verification steps:
R5/R13#show ntp association detail <--should be synchronized and sane

4. PPP/RIP (2 points)
R24 cannot ping R29 192.168.20.1, Fix it

R25
username ccie password cisco

interface Serial1/0 ---> connecting to R29
ip address 172.16.9.1 255.255.255.248
clockrate 512000
ppp authentication chap
!
router eigrp 200
redistribute rip metric 100000 100 255 1 1500
no auto-summary
!
router rip
version 2

R29
interface Serial1/0
ip address 172.16.9.2 255.255.255.248
encapsulation ppp
ppp chap hostname ccie
ppp chap password 0 cisco
!
router rip
version 2
network 172.16.0.0
no auto-summary

Verification steps:
R25/R29#show ip interface brief <--serial1/0 should be up
R25#show ip route <--should see the network 192.168.20.0
R24#telnet 192.168.20.1
open...

5. OSPF (3 points)
R18
no ip route X.X.X.X 0.0.0.X.172.16.12.5 --->pointing toward R17
router ospf 1
no area 0 max lsa X

R17
interface Ethernet1/0
ip ospf network broadcast
!
ip access-list extended 111
  permit icmp any any
!
router ospf 1
no area 0 max lsa 5
!
no ip route X.X.X.X 0.0.0.X 172.16.12.6--->pointing toward R18

R16
interface Ethernet2/0 ---> facing R17
ip ospf network broadcast
!
router ospf 1
area 3 virtual-link 10.1.1.18 message-digest-key 1 md5 cisco
distribute-list 12 in e1/0
!
access-list 12 permit any

R8
router ospf 1
redistribute bgp 200 subnets
!
router bgp 200
no synchronization
redistribute ospf 1

R27
router bgp 300
neighbor 10.1.1.28 next-hop-self

Summary of issues
Verification steps:

R20#ping 10.1.1.28 source loopback0
trying open 10.1.1.28
user verification
password:

Prob.3 > R20 area 0 authentication message-digest
Prob.8 > R16 distribute-list blocking the network 10.1.1.28
Prob.9 > R18 distribute list in its E0/1 interface
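
The deny_udp ACL in the NTP task and ACL 111 in the OSPF task fail for the same reason: entries are matched top-down, the first match wins, and anything unmatched hits the implicit deny. The Python model below is an added example, not part of the original notes; the packets are constructed and the parser covers only the entry forms that appear on this page. It also shows that appending the permit line after the existing deny changes nothing for the denied protocol.

```python
"""First-match model of IOS extended ACL entries (added example, constructed data)."""

PROTO_NUM = {"icmp": 1, "tcp": 6, "udp": 17, "ospf": 89, "pim": 103}
PORT_NUM = {"telnet": 23, "ntp": 123}


def _take_addr(words):
    # Only the address forms used on this page: 'any' and 'host A.B.C.D'.
    if words[0] == "any":
        return None, words[1:]
    if words[0] == "host":
        return words[1], words[2:]
    raise ValueError("unsupported address form: " + " ".join(words))


def parse_ace(line):
    """Parse 'permit|deny <proto> <src> <dst> [eq <port>]' into a dict."""
    words = line.split()
    action, proto = words[0], words[1]
    src, rest = _take_addr(words[2:])
    dst, rest = _take_addr(rest)
    dport = None
    if rest[:1] == ["eq"]:
        dport = PORT_NUM[rest[1]] if rest[1] in PORT_NUM else int(rest[1])
    return {"action": action, "proto": proto, "src": src, "dst": dst,
            "dport": dport, "text": line}


def evaluate(acl_lines, pkt):
    """Return (action, matching entry); unmatched packets get the implicit deny."""
    for ace in map(parse_ace, acl_lines):
        if ace["proto"] != "ip" and PROTO_NUM[ace["proto"]] != pkt["proto"]:
            continue
        if ace["src"] not in (None, pkt["src"]):
            continue
        if ace["dst"] not in (None, pkt["dst"]):
            continue
        if ace["dport"] is not None and ace["dport"] != pkt.get("dport"):
            continue
        return ace["action"], ace["text"]
    return "deny", "(implicit deny)"


# Constructed sample packets (addresses are illustrative, not captured traffic).
PACKETS = {
    "ntp": {"proto": 17, "src": "10.1.1.13", "dst": "10.1.1.5", "dport": 123},
    "ospf-hello": {"proto": 89, "src": "172.16.14.2", "dst": "224.0.0.5"},
    "pim-hello": {"proto": 103, "src": "172.16.14.2", "dst": "224.0.0.13"},
    "icmp-echo": {"proto": 1, "src": "10.1.1.20", "dst": "10.1.1.28"},
}


def verdicts(acl_lines):
    """Action per sample packet for one ACL."""
    return {name: evaluate(acl_lines, pkt)[0] for name, pkt in PACKETS.items()}


# deny_udp as shown in the initial R9/R11 configs, then two ways of "fixing" it.
DENY_UDP_INITIAL = ["deny udp any any eq ntp"]
DENY_UDP_APPENDED = DENY_UDP_INITIAL + ["permit ip any any"]   # deny still first
DENY_UDP_REPLACED = ["permit ip any any"]                      # deny removed

# ACL 111 as shown in the initial R17 config, then the same two variants.
ACL111_INITIAL = ["deny icmp any any", "permit udp any any",
                  "permit ospf any any", "permit tcp any any"]
ACL111_APPENDED = ACL111_INITIAL + ["permit icmp any any"]
ACL111_REPLACED = ["permit icmp any any"] + ACL111_INITIAL[1:]

if __name__ == "__main__":
    for label, acl in [("deny_udp initial", DENY_UDP_INITIAL),
                       ("deny_udp appended", DENY_UDP_APPENDED),
                       ("deny_udp replaced", DENY_UDP_REPLACED),
                       ("111 initial", ACL111_INITIAL),
                       ("111 appended", ACL111_APPENDED),
                       ("111 replaced", ACL111_REPLACED)]:
        print(f"{label:18} {verdicts(acl)}")
```
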

6. ZBFW (2 points)
R29
class-map type inspect match-all telneticmp
no match protocol icmp
!
policy-map type inspect outbound
policy-map type inspect inbound
!
zone-pair security inbound source zoneout destination zonein
service-policy type inspect inbound
zone-pair security outbound source zonein destination zoneout
service-policy type inspect outbound
!
interface Ethernet2/0<-- to R30
zone-member security zonein
!
interface Ethernet2/1 <-- to R31
zone-member security zoneout
!
ip route 10.1.1.30 255.255.255.255 172.16.39.30
ip route 10.1.1.31 255.255.255.255 172.16.129.31

R30
ip route 0.0.0.0 0.0.0.0 172.16.39.29

R31
ip route 0.0.0.0 0.0.0.0 172.16.129.29

Prob.8 > R29 under policy-map change pass to inspect

Verification steps:

R30#telnet 10.1.1.31
Trying open 10.1.1.31
User verification
.....
then -->R29#show policy-map type inspect zone-pair sessions  <-- should match exactly the given output

7. BGP (2 points)
 R28 must see two next hop for the network 1.100.100.100 in show ip bgp table
 R28 must see 2 paths in BGP table
 R28 must select path through R26
 Not allowed to touch AS100 & 300 configuration (variable depending on the Lab)

R6
router bgp 200
no synchronization
neighbor 10.1.1.8 route-reflector-client
neighbor 10.1.1.8 password cisco
no auto-summary

R7
router bgp 200
no synchronization
bgp default local-preference 200
no bgp maxas-limit 1
neighbor 10.1.1.6 next-hop-self
neighbor 197.68.2.2 next-hop-self
!
route-map toas300 permit 10
set metric 100
!

R8
router bgp 200
no synchronization
bgp default local-preference 200
neighbor 10.1.1.6 password cisco
neighbor 10.1.1.6 route-reflector-client
redistribute ospf 1
!
route-map toas300 permit 10
set metric 100
!

R26
router bgp 300
bgp default local-preference 200

R27
router bgp 300
bgp default local-preference 200
nei 10.1.1.28 next-hop-self

Prob.2 > R7 Metric is Higher Make it Lower Than R8 ie 99 ------ Adjust it according to the Question
Prob.3 > R7 remove community list or modify it according to the question (neighbor 172.16.11.11 route-map out) route-map community match community 666
Prob.6 > R7, change route-map MED to 99
Prob.10 > R8 has COPP policy on Control plane, remove it or correct with no drop.

Verification steps:
R28# sh ip bgp 1.100.100.100 <-- should see two possible next hops R26 & R27 with R26 being the preferred next hop
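
Two of the faults in the OSPF and BGP tasks are authentication keys that differ between the two ends of a session (the R16/R18 virtual-link key and the R6/R8 neighbor password). The script below is an added example, not part of the original notes: it cross-checks both ends from config text and reports the pair without echoing the secret. The embedded snippets are constructed from lines shown on this page, and the regexes handle only the cleartext key forms used here.

```python
"""Cross-check session authentication keys between IOS configs (added example)."""
import re

# Constructed input: authentication-related lines from this page's initial configs.
CONFIGS = {
    "R18": """
router ospf 1
 router-id 10.1.1.18
 area 3 virtual-link 10.1.1.16 authentication message-digest
 area 3 virtual-link 10.1.1.16 message-digest-key 1 md5 cisco
""",
    "R16": """
router ospf 1
 router-id 10.1.1.16
 area 3 virtual-link 10.1.1.18 authentication message-digest
 area 3 virtual-link 10.1.1.18 message-digest-key 1 md5 cisc0
""",
    "R6": """
interface Loopback0
 ip address 10.1.1.6 255.255.255.255
router bgp 200
 neighbor 10.1.1.8 remote-as 200
 neighbor 10.1.1.8 update-source Loopback0
""",
    "R8": """
interface Loopback0
 ip address 10.1.1.8 255.255.255.255
router bgp 200
 neighbor 10.1.1.6 remote-as 200
 neighbor 10.1.1.6 password cisc0
 neighbor 10.1.1.6 update-source Loopback0
""",
}


def identities(cfg):
    """Addresses a peer may use to refer to this router: router-id and interface IPs."""
    ids = set(re.findall(r"^\s*router-id (\S+)", cfg, re.M))
    ids |= set(re.findall(r"^\s*ip address (\S+) \S+", cfg, re.M))
    return ids


def sessions(cfg):
    """Map (kind, peer_ip) -> secret, or None when no key is set for that peer."""
    out = {}
    for peer in re.findall(r"^\s*area \S+ virtual-link (\S+)", cfg, re.M):
        out.setdefault(("ospf-vlink", peer), None)
    for peer, secret in re.findall(
            r"^\s*area \S+ virtual-link (\S+) message-digest-key \d+ md5 (\S+)", cfg, re.M):
        out[("ospf-vlink", peer)] = secret
    for peer in re.findall(r"^\s*neighbor (\S+) remote-as \d+", cfg, re.M):
        out.setdefault(("bgp", peer), None)
    for peer, secret in re.findall(r"^\s*neighbor (\S+) password (\S+)", cfg, re.M):
        out[("bgp", peer)] = secret
    return out


def audit(configs):
    """Return sorted (kind, router_a, router_b, status) for sessions whose keys differ."""
    owner = {ip: name for name, cfg in configs.items() for ip in identities(cfg)}
    per_router = {name: sessions(cfg) for name, cfg in configs.items()}
    findings = set()
    for name, sess in per_router.items():
        mine = identities(configs[name])
        for (kind, peer_ip), secret in sess.items():
            peer = owner.get(peer_ip)
            if peer is None:
                continue  # the other end is not in the supplied config set
            # Find the peer's entry that points back at one of our addresses.
            back = [s for (k, ip), s in per_router[peer].items()
                    if k == kind and ip in mine]
            if not back or back[0] == secret:
                continue
            status = "mismatch" if secret and back[0] else "one-sided"
            findings.add((kind, *sorted((name, peer)), status))
    return sorted(findings)


if __name__ == "__main__":
    for finding in audit(CONFIGS):
        print(finding)
```
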

8. IPv6 (2 points)
R1 can not telnet R4 IPv6 address 2011:ABC:34::4, fix the problem

R1
ipv6 router ospf 1
router-id 10.1.1.1

R3
interface Ethernet1/0
ipv6 traffic-filter filter in
!
ipv6 access-list filter
permit 89 any host FF02::5 seq 1  <-- OSPFv3 Multicast dest IP
permit 89 any host FF02::6 seq 2
permit 89 host <R1 link local> host <R3 link local> seq 3
permit icmp any any seq 4
deny ipv6 any any

R4
ipv6 router ospf 1
router-id 10.1.1.4
Summary of issues

Verification steps:

R1# ping 2011:ABC:34::4

9. MST (2 points)
R10 must reach R9 in a single hop, SW1 (or SW2) is not allowed to be touched

SW2
int e0/1
spanning-tree mst 1 port-priority 0
!

R9
If a route-map is already configured, create another new one.
b. R9: existing route-map dropping some traffic <-- the route-map selects certain traffic and has an explicit deny. Put another route-map with the permit statement
route-map kakuninnhituyou
match ip add 1

Prob.1 > One trunk link has VLAN 109 removed. Make the other trunk link's priority lower so that it is preferred
Prob.2 > One trunk link has VLAN 109 removed and the same trunk link has MST priority 0; change it to 240
Prob.3 > removed vlan 109/911
Prob.4 > Trunk is not defined
Prob.5 > Access port not defined --------------------------------------- ( Aug 26 update)
Prob.6 > SW1-SW2 has no mapping of vlan 109 ---------  instance 1 vlan 109 On both Switches
Prob.7 > R9 existing route-map dropping some traffic
Prob.8 > R10 was in wrong vlan - change to vlan 109 ------------- (31 Aug Update)

 

10. MSDP (3 points)
R13 cannot ping R28 group 224.8.8.8 in AS 200, Fix it
(R8->R6->R2)->(R1->R3->R5)->R9->R11->R13
AS200 AS100

R8
interface Ethernet0/0
ip pim sparse-dense-mode

R6
interface Ethernet0/0
ip pim sparse-dense-mode
!
ip pim rp-address 10.1.1.2

R2
ip msdp peer 200.0.0.3 connect-source Loopback1 remote-as 100
!
ip pim rp-address 10.1.1.2

R1
router bgp 100
address-family  ipv4 multicast
  redistribute ospf 1
  exit-address-family

R3
ip msdp peer 200.0.0.1 connect-source loopback 1 remote-as 200
!
ip pim rp-address 10.1.1.3

R9
access-list 10 permit any
ip pim rp-address 10.1.1.3

Problems:-
Prob.1 > R3 change msdp loopback0 to lo1 200.0.0.1
Prob.2 > R2-R3 originator-id lo1
Prob.3 > R2  rp-address 200.0.0.1
Prob.4 > R2 MSDP peer lo1
Prob.5 > R1/R11 assign RP address 100.0.0.1
Prob.6 > R6 assign RP address 10.1.1.8
Prob.7 > R3 Access-list 111 change to permit (Alternate pre config) ip msdp redistribute list 111
Prob.8 > R2 Enable pim on Serial link
Prob.9 > R1 Redistribute Mutually Wrong
Prob.10 > For MSDP, they have static mroutes on R5 which point R13 to wrong destination.
   I can't recall exactly what the mroute was.
Prob.11 > For MSDP, R8 was not joined to the IGMP group they want you to ping.
Prob.12 > For MSDP, connect source AS missing on the statements
Prob.13 > For MSDP, wrong source interface used on R3 side.
Prob.14 > R9 missing rp configuration
Prob.15 > R9 IGMP traffic being blocked -- change the ACL 10 to permit any
Prob.16 > R1 Missing OSPF/BGP address-family ipv4 multicast redistribution
Prob.17 > R3 ip msdp sa-filter in 10.1.1.2  -------------------------------------------   remove it
Prob.18 > R6 Multicast routing is disabled ---- Enable multicast routing and put the interface
into sparse-dense mode