ccie Version 40修改版.docx
《ccie Version 40修改版.docx》由会员分享,可在线阅读,更多相关《ccie Version 40修改版.docx(17页珍藏版)》请在冰豆网上搜索。
ccieVersion40修改版
V40
排错:
1.R6的速度不匹配---------------g0/1单臂
R6的SPEED为10,SW1的F0/6为:
100M,建议改在R6上用:
NOSPEED10或SPEED100,不需要改SW1的F0/6
2.R3的S0/0/0的MASK不对
11网段mask24改为:
29位即可
3.R2的F0/0地址配错了---------
BB1接口150.1.Y.11/24,改为:
150.1.Y.1/24
Part1:
BridgingandSwitching
1.1FrameRelay
●ConfigframerelaymapasmentionedonDiagram1
●Youcan'tusesubinterfaceonanyinterfaces
●framerelayneedtobefullmeshconnection,butonlycanusePVCmentionedonDiagram1
没有ping通本端要求.
1.2Trunk
SW1andSW2andSW3hasConfigISLtrunktointerconnectthem.
SW1&SW2:
intranfa0/13–14
swtrenisl(dotq1)
swmotr
channel-group12moon
SW1&SW3:
intranfa0/8–9
swtrenisl
swmotr
channel-group13moon
SW2&SW3:
intranfa0/11–12
swtrenisl
swmotr
channel-group23moon
showinttrunk
showintport-channel12/13/23(Up/Err-disable)
(记得先shutdown,后再noshutdown
每个都要通告两次,相互之间都要做)
1.3CHANNEL-GROUP
在SW1,SW2,SW3之间相互做CHANNEL-GROUP.
MODE?
---没有说MODE.就用MODEON
1.4VTP
●SW1usetheVTPSERVERmode
●SW2,SW3usetheCLIENTmode
●afterconfiguration,SW2,SW3mustseealltheVLAN'sinformation
●VTPdomain-name:
VTPYY(YY=RackNumber)
●crossoverlinkateachinterface
1.5VLANSetup
Afterfinishedallofconfiguration,SW1,SW2andSW3shouldbeabletoaccess
allyournetwork.
VLANA--------20
VLANB--------30
VLANC--------60
VLANBB1----40
VLANBB2----50
VLANBB3----70
SW1:
fa0/2vl40
fa0/3–4vl20
fa0/10vl40
SW2:
fa0/1vl30(interranf0/1,f0/5表示两个接口)
fa0/5vl30(interranf0/1-5表示1-55个接口)
fa0/4vl60
fa0/6
swtrendot1q这里是否可以配ISL封装?
(个人注释)
swtrallowedvlanadd50是否可以不配运行的VLAN呢?
(个人注释)
swtrallowedvlanadd70
swmotr
fa0/10vl50
SW3:
fa0/10vl70
showvlan-switchbrief
showvlan
1.6FallbackBridge
●OnSw1,configurebridgebetweenFa0/6(connectedtoR6)andVLAN_A
●(connectingSw1,R3andR4).
●ShouldnotaffectroutingontheSwitch
●DonotbridgeanydynamicallylearnedMACaddress.Onlyforwardthefollowingaddresses:
MAC:
1234.1234.1234
MAC:
aaaa.bbbb.cccc
SW1:
bridge1protocolvlan-bridge
nobridge1acquire
bridge1address1234.1234.1234forward
bridge1addressaaaa.bbbb.ccccforward
interfacef0/6
bridge-group1
interfacevlan20
bridge-group1
1.7CatalystSW1Fa0/6
R6connecttoSW1fa0/6andtheIPaddressisYY.YY.9.7
interf0/6
noswitchport
ipadd32.32.9.7
1.8SVI
●R4的F0/1接口地址为:
Y.Y.14.4/24,SW3的VLAN_C的SVI地址为:
Y.Y.14.9/24,明确说明:
配置完毕后sw3svi能pingR4F0/1口(属于同一VLAN,个人注释)
VLAN-C为60
intervlan60
ipadd32.32.14.9255.255.255.0
●R6要做单臂BB3/BB2,TrafficonthewireshoulimitedtothespecificVLANSonly
interf2/0.50
endotq50
ipadd150.2.32.1255.255.255.0
noshu
interf2/0.70
endotq70
ipadd150.3.32.1255.255.255.0
noshu
1.9MST
pvst+CPU利用率过高,将vlan204060为一个生成树,再将vlan305070为一个生成树(没有明确说明在交换机配置)
1.10Channel-GroupLoad-Balance
默认基于source-mac-address,toconfiguretheEthernetchanneltomakeallswitchesmaximumutilization
3550:
src-mac(src-dst-ip)
3560:
src-dst-mac
1.11Vines-ipFiltering
OnvlanBB2,donotallowvines-iptraffic.Othertrafficsarepermitted
SW2:
macaccess-listextendedVINES_IP
permitanyanyvines-ip
vlanaccess-mapDENY_VINES_IP
matchmacaddressVINES_IP
actiondrop
vlanaccess-mapDENY_VINES_IP20
actionforward
vlanfilterDENY_VINES_IPvlan-list50
showvlanaccess-map
Part2:
IPIGPProtocols
所有Loopback为/32
2.1EIGRPYY
●EIGRPYY(R3,R4的Loopback0既放入OSPF也放入EIGRP)
●R6/SW1/R3/R4运行EIGRPYY
●在SW1上,R6looback0以及BB3接口路由在路由表里面应该显示为内部路由
networkLoopback0andBB3interface
●EIGRPYY不和BB3建立邻接关系
在r6上:
net32.0.0.0
passive-interfacelo0
net150.3.32.10.0.0.0
passive-interfacef2/0.70
passive-interfaceloopback0
passive-interfaceBB3interface
●要求R4上14网段通告到EIGRPYY,但不允许用commandnetwork
route-mapCONN
matchinterfacee1/1s0/0
routereigrpYY
redistributeconnectedroute-mapCONN//-----和后面的双向重分布关联
r4(config)#route-mapCONN
r4(config-route-map)#matchintere1/1
r4(config-route-map)#routereigrp32
r4(config-router)#redistributeconnectedroute-mapCONN
2.2EIGRP100
●R6与BB3之间运行EIGRP100
●要求EIGRPYY要重分布进EIGRP100
●R6向BB3只通告YY.YY.0.0/16的路由,接口汇总distribute-listout
●R6只从BB3接收Firstoctet198.x.x.x的路由
ipaccess-liststandardTo_BB3
permitY.Y.0.0
ipaccess-liststandardFROM_BB3
permit198.0.0.00.255.255.255`
或ipprefix-listFROM_BB3permit198.0.0.0/8le32
routerei100
noau
net150.3.Y.00.0.0.255
distribute-listTo_BB3outfa0/1.70
distribute-listFrom_BB3infa0/1.70
intfa0/1.70
ipsummary-addressei100Y.Y.0.0255.255.0.0
(#routereigrp100
r6(config-router)#net150.3.0.0
r6(config-router)#redistributeeigrp32
r6(config-router)#exit
r6(config)#ipaccess-liststandardTO_BB3
r6(config-std-nacl)#permit32.32.0.0
r6(config-std-nacl)#exit
r6(config)#ipaccess-liststandardFROM_BB3
r6(config-std-nacl)#permit198.0.0.00.255.255.255
routereigrp100
r6(config-router)#distribute-listTO_BB3outf2/0.70
r6(config-router)#distribute-listFROM_BB3inf2/0.70
r6(config-router)#noau
r6(config-router)#interf2/0.70
r6(config-subif)#ipsummary-addresseigrp10032.32.0.0255.255.0.0)
完成之后,R3/R4/SW1能够ping通150.3.y.254
但没要求EIGRP100重分布进EIGRPYY
因SW1的路由表中没有EIGRP的外部路由.还有,在题中也明确说了不要看到EIGRP的外部路由
2.3RIP
●R2与BB1之间运行RIPV2,RIP的路由重分布进入OSPF后,每一跳Metric可变
●R2shouldonlysendRIPupdatetootherriprouters,propagateyourYY.0.0.0atthenetworknumberboundry(需要接口汇总TO-BB1)
passive-interfacedefault
neighbor150.1.YY.254
●minimizeRIPtrafficgeneratedbyR2(最小化R2的rip流量)
passive-interfaceLoopback1
●configinterfaceloopback1withipaddress150.4.YY.1andplacethisinterfaceintoRIP(配置lo1的ip,并放置这个接口torip)
●R2onlyreceive199.172.Z.0(Z=5,10,13,14)byBB1,要求用最小的命令行
ipaccess-liststandardFROM_BB1
permit199.172.5.00.0.8.0
permit199.172.10.00.0.4.0
(
r2(config)#routerrip
r2(config-router)#ver2
r2(config-router)#noau
r2(config-router)#net150.1.0.0
r2(config-router)#net32.0.0.0
r2(config-router)#passive-interfacedefault
r2(config-router)#nei150.1.32.254
r2(config-router)#net150.4.0.0
r2(config-router)#intelo1
r2(config-if)#ipadd150.4.32.1255.255.255.0
r2(config-if)#routerrip
r2(config-router)#passive-interfacelo1
r2(config-router)#exit
r2(config)#ipaccess-liststandardFROM_BB1
r2(config-std-nacl)#permit199.172.5.00.0.8.0
r2(config-std-nacl)#permit199.172.10.00.0.4.0
r2(config-std-nacl)#routerrip
r2(config-router)#distribute-listFROM_BB1INE1/0
r2(config-router)#intee1/0
r2(config-if)#ipsummary-addressrip32.0.0.0255.0.0.0)
2.4OSPF
●Frame-relay对应的OSPF网络模式使用Broadcast跟P-T-P
R1/R3/R4:
ipospfnetworkbroadcast
R2/R5:
Ipospfnetworkpoint-to-point
●R3R4不能参与选举DR
ipospfpriority0
●R1R5要停留在2WAY状态,不要形成fullstate
ipospfpriority0
●R2在60秒之内不sendhellopacket,邻接关系均不会丢失
R2/R5:
ipospfdead-interval60
2.5重分布
●来自RIP/OSPF的路由,在SW1上面可看到twoPrefix路由,不能使用variance修改达到这个目的,而且YY.YY.11.0/29的下一跳为YY.YY.10.3
R3/R4:
routereigrpYY
redistributeospf1YYmetric200010025511500
●R1看到的R6的Loopback0在正常情况下要指向R3,R3不可用时,指向R4,其它的路由可看到loadbalance
默认EIGRP重分布进OSPF的metic为20,所以将R6_LB重分布进来时改metric为<20即可,记住放行其他路由
R3:
ipaccess-liststandardR6_LB
permitYY.YY.6.6
route-mapFROM_EIGRPpermit10
matchipaddressR6_LB
setmetric19
route-mapFROM_EIGRPpermit20
routerospf1YY
redistributeeigrpYYsubnetsroute-mapFROM_EIGRP
R4正常重分布
●R1看到的从R3,R4重分布进来的路由为:
OE2
OSPF只收到5条EIGRPYY的路由
2.6LoopbackInterfaces
Alltheloopbackinterfacesmustbeseeinallrouter’sroutetable.Youcanuseloopbackinterfacetoaccesstheseequipment.Andcantelnettoenablemode
所有的Loopback0都要在路由表中以/32可见
重分布总结:
R2/R3/R4双向重分布
2.7IPV6
ConfigureIPv6addressandenableIPv6routing
R1:
G0/1–2068:
YY:
YY:
11:
:
1/64
R4:
G0/0–2068:
YY:
YY:
44:
:
4/64
Tunneling
●WithoutusingadditionalIPv6address,makeIPv6traffictunnelthroughtheIPv4framerelaynetwork
●TunnelingonR4andR1.Usethestabledestinationfortunnel.
●RunRIPngfortheIPv6addresses
●Makesureyoucanpingalltheipv6address
R4/R1
interfacetunnel0
tunnelsourceloopback0
tunneldestinationYY.YY.1.1/YY.YY.4.4
tunnelmodeipv6ip
ipv6enable-------------------------只产生linklocal地址
ipv6ripRIPv6enable
Part3:
BGP
3.1PeerConfiguration
●BB1andBB2areinAS254,R2areinASYYandR6areinAS100+YY
●BB2指R6的邻居是ASYY
●不允许使用联邦
●R6上有loopback1接口200.220.YY.YY/27通告到BGP里,当通告给BB2时,要求BB2不通告给其他eBGP邻居
R6:
ipprefix-listR6_LB_1permit200.220.YY.YY/27
route-mapCOMM
matchipaddressprefix-listR6_LB_1
setcommunitylocal-AS
route-mapCOMMpermit20
routerbgp1YY
neighbor150.2.YY.254route-mapCOMMout
neighbor150.2.YY.254send-community
3.2R2Configuration
ConfigureR2,sowhenyou“showipbgp”,youwillhavethefollowingoutput:
R2:
next-hoppath
>197.68.0.0/190.0.0.0254253i
>197.68.1.0150.1.1.254254253i
>197.68.4.0150.1.1.254254253i
S>197.68.5.0150.1.1.254254253i
>197.68.21.0150.1.1.254254253i
>197.68.22.0150.1.1.254254253i
R2:
ipprefix-listBGP_5permit197.68.5.0/24
route-mapBGP_5
matchipaddressprefix-listBGP_5
routerbgpYY
aggregate-address197.68.0.0255.255.224.0as-setsupress-mapBGP_5
3.3R6Configuration
ConfigureR6sowhenyoutype“showipbgp”,youwillhavethefollowingoutput:
BGPtableversionis9,localrouterIDis200.220.YY.1
next-hoplocprfpath
>197.68.1.0150.100.2.254250YY254i
>197.68.4.0150.100.2.2546YY254i
>197.68.5.0150.100.2.254250YY254i
>197.68.21.0150.100.2.2541351YY254i
>197.68.22.0150.100.2.254250YY254i
>200.220.YY.00.0.0.0
R6:
ipprefix-listBGP_4permit197.68.4.0/24
ipprefix-listBGP_21permit197.68.21.0/24
route-mapBGPpermit10
matchipaddressprefix-listBGP_4
setas-pathprepend6
route-mapBG
升级会员 