k2

K2 CEF也关了 ，LOGGing也是关掉的默认情况下 注： 所有loopback0地址为Y.Y.X.X/32 //30 31 33 38是HK的 Y 示机架号 X 表示设备号 Z 表示任意数字 虚线 表示逻辑连接 正文中绿色为配置命令 所有设备配置： enable conf t line console 0 exec-t 0 0 logg s exit no ip do lo int loopback 0 ip add Y.Y.X.X host X Section 1 Layer 2 Technologies The following has been pre-configured on your exam: • Vlan trunk protocol(VTP)the mode is transparent，and domain is CCIE. • PPP on the serial link between R2 and R3 注释： 所有交换机VTP模式为transparent，域名为 CCIE 4台交换机同时配置： vtp domain CCIE vtp mode transparent R2、R3封装PPP： R2（config）# interface Serial 0/1 R2（config-if）# encapsulation ppp R2（config-if）# clock rate 64000 R2（config-if）# no shut R3（config）# interface Serial 0/1 R3（config-if）# encapsulation ppp R3（config-if）# no shut Vlan ports assignments are per the table below: VLAN ID VLAN NAME Router Port 11 Marketing R1 Gi0/1 12 Sales R1 Gi0/1 20 Engineering R2 Gi0/0 30 HR R3 Gi0/0 33 BB3 SW3 F0/10 42 ISP42 R4 F0/0 SW2 51 ISP51 R5 F0/1 54 ISPBB R4 F0/1; R5 F0/0 234 Support R2 Gi0/1 243 QA SW2 SW3 SW4 300 Admin R3 Gi0/1 4台交换机同时配置： Vlan 11 name Marketing Vlan 12 name Sales Vlan 20 name Engineering Vlan 30 name HR Vlan 33 name BB3 Vlan 42 name ISP42 Vlan 51 name ISP51 Vlan 54 name ISPBB Vlan 234 name Support Vlan 243 name OA Vlan 300 name Admin exit SW1配置： int f0/2 switchport mode access switchport access vlan 20 exit int f0/3 switchport mode access switchport access vlan 30 exit int f0/4 switchport mode access switchport access vlan 42 exit int f0/5 switchport mode access switchport access vlan 54 exit SW2配置： int f0/2 switchport mode access switchport access vlan 234 exit int f0/3 switchport mode access switchport access vlan 300 exit int f0/4 switchport mode access switchport access vlan 54 exit int f0/5 switchport mode access switchport access vlan 51 exit SW3配置： int f0/10 switchport mode access switchport access vlan 33 exit 1.1 Troubleshooting layer 2 swithing Two faults has been injected into the pre-configurations.These issues may XXXX,for certain portions of the lab.You must …. 预配置中有两个错误，改正一个得2分。 第一个错误在R1。 interface G0/1.11 encapsulation dot1q 11 native 解决方法： interface G0/1.11 no encapsulation dot1q 11 native encapsulation dot1q 11 ip address YY.YY.0.97 255.255.255.224 第二个错误在SW3。 monitor session 20 destination interface Fa0/10 解决方法： no monitor session all interface Fa0/10 switchport access vlan 33 interface vlan33 ip address 150.3.YY.1 255.255.255.0 还有如下几个错误： 1、 在Sw3上有初始的配置命令“monitor session 1 destination interface f0/10”，这条命令会将f0/10口的2层全部干掉，直接no monitro session all掉。（该命令是在全局下） 2、 R1和R3的帧中继口有命令“no keepalive”，要将这条命令no掉。 3、 R1的两个子接口做单臂路由，有初始命令encapsulated dot1q 30 native。 4、 R1的vlan11的子接口上多个一个native 参数，去掉即可 5、 在交换机上可能会有做COPP，做了acl deny ip any any 6、 SW3上可能没有vlan 33 1.2 Provisioning a robust layer 2 core Configure the appropriate features according to the following requirements: • Deploying 802.1W on all four switches • Ensure that the spanning tree enters the forwarding state immediately for all the access switchports ,bypassing the listening and learing states.Do not change the default configuration affecting all access swithports(Ports connected to the backbone are not considered access ports.) • Avoid transmitting bridge protocol data units (BPDUS) on any access switch ports ,If a BPDU is received on any of these ports,the port should be shutdown immediately.Use a single command per switch to accomplish this. • Ensure that all four switches are able to read unidirectional failure for any switch to switchport . The affected port should be disabled in the event of a link failure 注释： 4台交换机全部开启rapid-pvst 所有access接口开启portfast(BB接口除外) 拒绝BPDU 所有access接口开启bpduguard,并收到BPDU后shutdown接口 交换机互联接口开启UDLD 解法： 4台交换机开启RSTP，UDLD，bpduguard ： Sw1(config)#spanning-tree mode rapid-pvst Sw1(config)#spanning-tree portfast bpduguard default Sw1(config)#interface range FastEthernet 0/19 - 24 Sw1(config-if-range)#udld port aggressive sw2(config)#spanning-tree mode rapid-pvst sw2(config)#spanning-tree portfast bpduguard default sw2(config)#interface range FastEthernet 0/19 - 24 sw2(config-if-range)#udld port aggressive sw3(config)#spanning-tree mode rapid-pvst sw3(config)#spanning-tree portfast bpduguard default sw3(config)#interface range FastEthernet 0/19 - 24 sw3(config-if-range)#udld port aggressive sw4(config)#spanning-tree mode rapid-pvst sw4(config)#spanning-tree portfast bpduguard default sw4(config)#interface range FastEthernet 0/19 - 24 sw4(config-if-range)#udld port aggressive 在access口开启portfast特性： Sw1(config)#interface range FastEthernet 0/2 -5 Sw1(config-if-range)#spanning-tree portfast Sw2(config)#interface range FastEthernet 0/2 -5 Sw2(config-if-range)#spanning-tree portfast Sw3(config)#interface FastEthernet 0/10 Sw3(config-if)#spanning-tree bpduguard disable //因为SW1、SW2的f0/10为3层接口，所以不需要配置。如果BB3是交换机，抢根的话，必须在F0/10口再打上spanning-tree bgdpfilter enable 1.3 Switch Trunk Ports Configure the trunk ports between SW1,SW2,SW3 and SW4 according to the following requirements: • Use 802.1q encapsulations on all ports. • The switches should not actively attempt to convert the links to trunk link by negotiating the trunk mode • Utilize Etherchannel between all the switches interconnections using IEEE standard protocol to actively negotiate channel. • Etherchannel load balancing should be accomplished by destination address • Configure port of fa0/1 on SW2 . Ensure that only vlan Sales and Marketing are allowed on that port. • Configure the backbone ports on sw1 and sw2 to be a routed interfaces. 注释： 4台交换机之间配置全互联的Trunk 使用802.1q封装 关闭DTP 使用IEEE配置Etherchannel SW2的F0/1配置VLAN 12和11的单臂路由，并且只允许这两个VLAN SW1配置： interface range f0/19 - 24 switchport trunk encapsulation dot1Q switchport mode trunk switchport nonegotiate shut exit interface range fa0/19 - 20 channel-group 13 mode active exit interface range fa0/21 - 22 channel-group 14 mode active exit interface range f0/23 - 24 channel-group 12 mode active exit port-channel load-balance dst-ip int f0/10 no switchport ip add 150.1.Y.1 255.255.255.0 exit SW2配置： interface range f0/19 - 24 switchport trunk encapsulation dot1Q switchport mode trunk switchport nonegotiate shut exit interface range f0/19 - 20 channel-group 24 mode active exit interface range f0/21 - 22 channel-group 23 mode active exit interface range f0/23 - 24 channel-group 12 mode active exit port-channel load-balance dst-ip interface f0/1 switchport trunk encapsulation dot1Q switchport mode trunk switchport nonego switchport trunk allowed vlan 11,12 no shut exit int f0/10 no switchport ip add 150.2.Y.1 255.255.255.0 exit SW3配置： interface range f0/19 - 24 switchport trunk encapsulation dot1Q switchport mode trunk switchport nonegotiate shut exit interface range f0/19 - 20 channel-group 13 mode active exit interface range f0/21 - 22 channel-group 23 mode active exit interface range f0/23 - 24 channel-group 34 mode active interface port-channel 34 exit port-channel load-balance dst-ip int vlan 33 ip add 150.3.Y.1 255.255.255.0 exit SW4配置： interface range f0/19 - 24 switchport trunk encapsulation dot1Q switchport mode trunk switchport nonegotiate shut exit interface range f0/19 - 20 channel-group 24 mode active exit interface range f0/21 -22 channel-group 14 mode active exit interface range f0/23 - 24 channel-group 34 mode active exit port-channel load-balance dst-ip Sw1/Sw2/Sw3/Sw4 Sw1-Sw4 (config)#interface range FastEthernet 0/19 – 24 Sw1-Sw4 (config-if-range) no shut 建议配置port-channel 后show run int port-cahnnel XX看下有无trunk配置，没有需要配置上去 如果不行，则所有物理口和逻辑port-channel都 shut再no shut 友情提示：#show int port-channel [X] 友情提示：#show int trunk show etherchannel summary 看到port-channel 为(SU)， ports为（P）是OK的 show int status err-disabled R1配置： R1(config)#interface FastEthernet 0/1 R1(config-if)#no shut R1(config)#interface FastEthernet 0/1.11 R1(config-if)#encapsulation dot1Q 11 R1(config-if)#ip add Y.Y.0.65 255.255.255.224 R1(config)#interface FastEthernet 0/1.12 R1(config-if)#encapsulation dot1Q 12 R1(config-if)#ip add Y.Y.128.97 255.255.255.224 1.4 Spanning Tree Root Switch Configure the switches according to the following requirements: Top • SW1 should be the root switch for all VLANs,Ensure to give sw1 highest probability even if another switch is inserted in topology in the future. • SW4 should never become the root for any Vlan .Ensure this occures without changing the switch priority (without using the “spanning tree primary” command.) 注释： SW1为所有VLAN的根，配置高优先级 SW4永远不成为任何VLAN的根，不能改优先级。 SW1配置: spanning-tree vlan 1-4094 priority 0 配置根防护: SW1配置： Sw1(config)#interface port-channel 14 Sw1(config-if)#spanning-tree guard root SW2配置： Sw2(config)#interface port-channel 24 Sw2(config-if)#spanning-tree guard root SW3配置： Sw3(config)#interface port-channel 34 Sw3(config-if)#spanning-tree guard root 注意：如果考试需求让SW2和SW3成为备份根 在SW2和SW3上做 Sw2-3(config)#spanning-tree vlan 1-4094 priority 4096 1.5 Switch Management Configure sw1 so that a dynamic entry in the mac address table for the Engineering Vlan will be aged out twice as fast as for the other VLANs. 注释： 修改SW1上VLAN 20的MAC地址老化时间为其它的一半 SW1配置: mac address-table aging-time 150 vlan 20 查看老化时间 show mac address-table aging-time 1.6 Port Mirroring Configure port monitoring on SW3 according to the following requirements: • The transmit and receive traffic on ports F0/1 through F0/8 and the Etherchannel port-channel for F0/19 -20 should be monitored • A copy of the traffic should be forwarded to Fa0/11 注释： 将SW3上F0/1-8和port-channel F0/19 -20的双向流量复制发送到F0/11 SW3配置： monitor session 1 source interface fa0/1 – 8 , port 13 both monitor session 1 destination interface fa0/11 encapsulation replicate 老师的破机架只能支持只有1个输出物理接口，输入都支持。 验证：show monitor session 1 1.7 Implement Frame-relay Configure R1 and R3 for frame relay,configuring R5 as the frame relay switch according to the following requirements: • Use cisco LMI on FR switch on R5 and autosense on R1 and R3. • Don’t use any static frame-relay maps • Use frame-relay encapsulation as “cisco” • Use the DLCI assignment from the table below • Use the point-to-point interface type,use the DLCI numbers as sub-interface number. • Keep the layer 3 addressing and routing requirements in mind when configuring frame relay(use only the ip addresses specified in Diagram 1) Frame relay DLCI Assignments： R1 0/1 FR switch 0/0 231 R3 0/0 FR Switch 0/1 233 注释： R1和R3上配置FR，R5为FR交换机 1、在R5上配置LMI-YTPE为cisco，R1和R3自动感知 2、不能使用静态映射 3、使用cisco封装FR 4、DLCI分配如下表 5、使用P2P接口类型，且使用DLCI号作为子接口号 R5配置： frame-relay switching interface Serial0/0 no ip address encapsulation frame-relay clock rate 64000 frame-relay lmi-type cisco frame-relay intf-type dce frame-relay route 231 interface Serial0/1 233 no shut exit interface Serial0/1 no ip address encapsulation frame-relay clock rate 64000 frame-relay lmi-type cisco frame-relay intf-type dce frame-relay route 233 interface Serial0/0 231 no shut exit R1配置： interface serial 0/1 no ip address encapsulation frame-relay no arp frame-relay no frame-relay inverse-arp no shut exit interface serial 0/1.13 point-to-point frame-relay interface-dlci 231 ppp Virtual-Template1 exit interface Virtual-Template 1 no ip address ppp multilink ppp multilink group 1 exit int multilink1 ip unnumber loopback 0 exit R3配置： interface serial 0/0 no ip address encapsulation frame-relay no arp frame-relay no frame-relay inverse-arp no shut exit interface serial 0/0.13 point-to-point frame-relay interface-dlci 233 ppp Virtual-Template1 //子接口对应的DLCI号是233，封装PPP的接口，放在（调用）Virtual-Template1 模板 exit interface Virtual-Template 1 no ip address ppp multilink ppp multilink group 1 // Virtual-Template1进行PPP多链路绑定，它属于绑定组1 exit int multilink1 ip unnumber loopback 0 exit R5:show controllers s0/0查看DCE和DTE关系 继续完成如下配置： R1配置：这个单臂路由R1配置前面有了所以我这里 R2配置： int f0/0 ip add Y.Y.0.2 255.255.255.0 exit int f0/1 ip add Y.Y.128.193 255.255.255.224 exit int s0/1 encapsulation ppp ip unnumbered f0/0 clock rate 64000 no sh exit R3配置： int f0/0 ip add Y.Y.0.33 255.255.255.224 no sh exit int f0/1 ip add Y.Y.0.1 255.255.255.224 no sh exit int s0/1 encapsulation ppp //学习到对方32位主机路由 ip unnumbered f0/1 clock rate 64000 no sh exit R4配置： int f0/0 ip add Y.Y.128.130 255.255.255.224 no sh exit int f0/1 ip add Y.Y.254.2 255.255.255.0 no sh exit R5配置： int f0/0 ip add Y.Y.254.1 255.255.255.0 no sh exit int f0/1 ip add Y.Y.0.130 255.255.255.224 no sh exit SW1配置： int vlan 51 ip add Y.Y.0.129 255.255.255.224 exit int vlan 12 ip add Y.Y.128.98 255.255.255.224 exit SW2配置： int vlan 42 ip add Y.Y.128.129 255.255.255.224 exit int vlan 243 ip add Y.Y.128.163 255.255.255.224 exit SW3配置： int vlan 243 ip add Y.Y.128.161 255.255.255.224 exit int vlan 234 ip add Y.Y.128.195 255.255.255.224 exit SW4配置： int vlan 243 ip add Y.Y.128.162 255.255.255.224 exit int vlan 234 ip add Y.Y.128.194 255.255.255.224 exit R2,R3：show ip route PPP封装，学习到对方32位主机路由 Section 2 Layer 3 Technologies 2.1 Implement IPv4 OSPF Part1 Configure the OSPF area 0 and area 51 as per the IGP topology diagram and the following requirements: • The process ID can be any number. • Loopback0 interfaces should be advertised in any OSPF area for all non-MPLS Devices. • Updates should be advertised only out of the interfaces that are indicated in the IGP topology diagram. • SW1 should always generate a default route into the OSPF domain. • The BB1 link should be seen as External OSPF routes in the OSPF domain. • Make sure that the interfaces are seen in the correct are as per the diagram. • Do not create additional OSPF areas. 注释： 配置area 0和area 51 可以使用任何进程号 Loopback 0 可以在任何area SW1始终要发默认路由 SW1连BB1的接口被重分布进OSPF SW1配置： Ip routing route-map con permit 10 match interface f0/10 exit router ospf Y router-id Y.Y.7.7 network Y.Y.0.129 0.0.0.0 area 51 network Y.Y.128.98 0.0.0.0 area 0 network Y.Y.7.7 0.0.0.0 area 0 redistribute connected subnets route-map con default-information originate always exit R1配置： router ospf Y router-id Y.Y.1.1 network Y.Y.128.97 0.0.0.0 area 0 network Y.Y.1.1 0.0.0.0 area 0 network Y.Y.0.65 0.0.0.0 area 0 R3配置： router ospf Y router-id Y.Y.3.3 network Y.Y.3.3 0.0.0.0 area 0 OR Int mul 1 Ip os Y area 0 Exit Int loopback 0 Ip os Y area 1 查看R3的路由表show ip route 2.2 Implement IPv4 OSPF Part2 Configure the OSPF area 1 as per the IGP topology diagram and the following requirements: • The process ID can be any number. • Loopback0 interfaces should be advertised in any OSPF area for all non-MPLS Devices. • Updates should be advertised only out of the interfaces that are indicated in the IGP topology diagram. • SW2 should always generate a default route into the OSPF domain. • The BB2 link should be seen as External OSPF routes in the OSPF domain. • Make sure that the interfaces are seen in the correct are as per the diagram. • Do not create additional OSPF areas. 注释： 配置area 0和area 1 可以使用任何进程号 Loopback 0 可以在任何area SW2始终要发默认路由 SW2连BB2的接口被重分布进OSPF R3配置： router ospf Y network Y.Y.0.1 0.0.0.0 area 1 network Y.Y.0.33 0.0.0.0 area 1 exit R2配置： router ospf Y router-id Y.Y.2.2 network Y.Y.2.2 0.0.0.0 area 1 network Y.Y.0.2 0.0.0.0 area 1 network Y.Y.128.193 0.0.0.0 area 1 exit SW3配置： Ip routing router ospf Y router-id Y.Y.9.9 network Y.Y.9.9 0.0.0.0 area 1 network Y.Y.195 0.0.0.0 area 1 network Y.Y.128.161 0.0.0.0 area 1 exit SW4配置： Ip routing router ospf Y router-id Y.Y.10.10 network Y.Y.10.10 0.0.0.0 area 1 network Y.Y.128.194 0.0.0.0 area 1 network Y.Y.128.162 0.0.0.0 area 1 exit SW2配置： Ip routing route-map con permit 10 match interface f0/10 exit router ospf Y router-id Y.Y.8.8 network Y.Y.128.129 0.0.0.0 area 1 network Y.Y.128.163 0.0.0.0 area 1 network Y.Y.8.8 0.0.0.0 area 1 redistribute connected subnets route-map con default-information originate always exit R3:show ip route ospf 注意R2，R3互通，需要学习到对端的32位路由，因为他们不是 在一个网段中的的，PPP自动生成的 Sw2: show ip route SW2不会学到默认路由因为自己也下方默认路由，自己下方的比较优 R2：show ip route 默认路由走F0/1比较近 R3 show ip route 默认路由走S0/0.13比较近 R3: show ip route ospf 2.3 Implement IPv4 EIGRP Configure Enhanced Interior Gateway Routing Protocol(EIGRP) YY between R4 and R5 as per the IGP topology diagram: • Both router’s loopback0 should be seen as an EIGRP external route by the neighbor. Configure EIGRP 100 as per the IGP topology diagram: • EIGRP updates should be advertised only out of the interfaces indicated in the IGP topology diagram only. • Configure SW3 such that it will not receive any EIGRP queries . SW3 should also not send out any information about its routes to the EIGRP 100 neighbors . Do not configure any kind of outgoing filtering to accomplish this task. • Use a route-maps on SW3 to tag any Class A network address routes sourced from BB3 with a tag of 200(The ACL must cover the whole Class A address range.) • On SW3 redistribute EIGRP 100 into OSPF.Summarize the following routes into an aggregate： 198.1.1.4/30 198.2.1.0/24 198.2.3.0/24 198.2.5.0/24 注释： R4和R5之间配置EIGRP YY R4和R5的loopback0重分布进EIGRP SW3和BB3之间配置EIGRP 100 SW3配置为stub EIGRP 100 SW3不向邻居发送任何路由，但不能配置过滤 在SW3上使用route-map将所有从BB3收到的A类地址打tag 200，ACL必须匹配到整个A类地址。在SW3上将EIGRP 100重分布进OSPF，并汇总路由198为198.0.0.0 255.252.0.0 R4配置： route-map con permit 10 match interface loopback 0 exit router eigrp Y network Y.Y.254.2 0.0.0.0 no auto-summary redistribute connected (metric 10000 100 255 1 1500) route-map con exit R5配置： route-map con permit 10 match interface loopback 0 exit router eigrp Y network Y.Y.254.1 0.0.0.0 no auto-summary redistribute connected (metric 10000 100 255 1 1500) route-map con exit R4和R5路由表 SW3配置： 只要严格按照0——严格匹配，1——任意配置的原则不管什么反掩码都是纸老虎。 0xxxxxxx.0.0.0 0111111.255.255.255 access-list 3 deny 0.0.0.0 0.255.255.255 access-list 3 deny 127.0.0.0 0.255.255.255 access-list 3 permit 0.0.0.0 127.255.255.255 route-map tag permit 10 match ip address 3 set tag 200 ! route-map tag permit 20 router eigrp 100 network 150.3.Y.1 0.0.0.0 no auto-summary eigrp stub receive-only //直接受他发过来的路由，我不会把路由（如：直连路由和默认路由）发给老大路由器，老大有查询不会向我发 // 做成stub，我会把路由（如：直连路由和默认路由）发给老大路由器，老大有查询不会向我发 distribute-list route-map tag in vlan 33 ??实现不了，不知道为什么 exit router ospf Y redistribute eigrp 100 subnets summary-address 198.0.0.0 255.252.0.0 exit 方法二： Sw3(config)#router ospf 1 Sw3(config-router)# redistribute eigrp 100 subnets route-map tag Sw3 (config-router)#summary-address 198.0.0.0 255.252.0.0 友情提示：在做完EIGRP以后，需要先查看R4和R5的邻居关系，包括R5和R4的LOOP口是否是以“D EX”的形式显示出来的！！ #show ip route eigrp #show ip eigrp neighbor 然后再看其他路由器上是否收到汇总路由198.0.0.0/13或198.0.0.0/8 查看重分发进来的A类地址是否已经带上标记！ SW2：show ip route | in E2 SW2:查看A类打标记的路由 show ip ospf database 查看五类路由 2.4 ImplementMPLS Part1 Configure MPLS per the MPLS topology diagram according to the following requirements: • Name the vrf as “VPNY” (Use RD=100:1 and route target import and export 100:1) Use MPBGP AS 100 to exchange customer prefixes.Source all BGP updates using loopback 0 address. • Use OSPF as the routing protocol between PE and CE • Address the need MPLS introduces of connecting the partitioned OSPF backbone (R4 and R5 are PE router ,SW1 and SW2 are CE router) 注释： VRF为VPNY，RD为100:1，RT为100:1 MPBGP为AS 100，使用loopback0为源地址 OSPF backbone 部分地址，也就是SW1和SW2，必须是以MPLS达到对方。 R4配置： ip cef mpls ldp router-id loopback0 force interface fa0/1 mpls ip exit ip vrf VPNY rd 100:1 route-target both 100:1 // (import,export) exit interface fa0/0 ip vrf forwarding VPNY ip address Y.Y.128.130 255.255.255.224 exit router bgp 100 no auto-summary no syn bgp router-id Y.Y.4.4 nei Y.Y.5.5 remote-as 100