k1xzb笔记.docx
《k1xzb笔记.docx》由会员分享,可在线阅读,更多相关《k1xzb笔记.docx(25页珍藏版)》请在冰豆网上搜索。
k1xzb笔记
二层预配:
1.VTPvtpdoccieroutingandswitching#vtppasswordcisco#vtpmo
2.VLAN
3.TRUNK
Sw1~Sw4:
Interfacerangef0/19-24
switchporttrunkencapsulationdot1q
switchporttrunkallowedvlan2,3,11,13,15,22,24,44,45
switchportmodetrunk
switchportnonegotiate
4.配置接口VLAN#intf0/4#swacvl44#swmoac#spaportf
(config)#interfacefastethernet0/10
(if-config)#spanning-treeportfast
(if-config)#spanning-treeguardroot(SW1-SW3)
(if-config)#Storm-controlbroadcastlevel50.00(SW1-SW3)
(config)#spanning-treeportfastbpdufilterdefault(sw1-sw3)
spannvlan1-4094pri0(SW1)
Sw2:
interfaceFastEthernet0/2
switchporttrunkencapsulationdot1q
switchporttrunkallowedvlan22,24
switchportmodetrunk
5.帧中继
R4
frame-relayswitching
interfaceSerial0/0
encapsulationframe-relayIETF
clockrate64000
frame-relaylmi-typeansi
frame-relayintf-typedce
frame-relayroute100interfaceSerial0/1200
R1:
interfaceSerial0/0
encapsulationframe-relayIETF
clockrate64000
noframe-relayinverse-arp
interfaceSerial0/0.100point-to-point
ipaddressYY.YY.15.242255.255.255.252
frame-relayinterface-dlci100IETF
6.R2子接口
R2:
interfaceFastEthernet0/1.22
encapsulationdot1Q22
ipaddressYY.YY.15.129255.255.255.224
interfaceFastEthernet0/1.24
encapsulationdot1Q24
ipaddressYY.YY.15.34255.255.255.224
7.R1PPP封装
R5:
interfaceSerial0/0
encapsulationppp
nopeerneighbor-route
ipaddressYY.YY.15.246255.255.255.252
其他的按顺序配置但别忘回环口配置。
三层配置:
(一)OSPF
r3(config)#routeros60
r3(config-router)#net60.60.3.30.0.0.0a0
r3(config-router)#net60.60.15.1930.0.0.0a0
sw1(config)#iprouti
sw1(config)#routeros60
sw1(config-router)#net60.60.7.70.0.0.0a0
sw1(config-router)#net60.60.15.1620.0.0.0a0
sw1(config-router)#net60.60.15.1940.0.0.0a0
r1(config)#routeros60
r1(config-router)#area2nssadefault-information-originate
r1(config-router)#net60.60.15.1610.0.0.0area0
r1(config-router)#net60.60.15.2420.0.0.0a2
r1(config)#ints0/0.100p
r1(config-subif)#iposnetb
r2(config)#routeros60
r2(config-router)#area2nssa
r2(config-router)#net60.60.2.20.0.0.0a2
r2(config-router)#net60.60.15.1290.0.0.0a2
r2(config-router)#net60.60.15.2410.0.0.0a2
sw2(config)#iprouting
sw2(config)#routeros60
sw2(config-router)#area2nssa
sw2(config-router)#net60.60.8.80.0.0.0a2
sw2(config-router)#net60.60.15.1300.0.0.0a2
EIGRP:
r3(config)#routerei100
r3(config-router)#net150.3.0.0
r3(config-router)#routerei60
r3(config-router)#net60.60.15.2450.0.0.0
r3(config-router)#redistributeei100
r3(config-router)#routeros60
r3(config-router)#redistributeei100su
r3(config)#ints0/0
r3(config-if)#ipsuei60198.2.0.0255.255.248.0
r5(config)#routerei60
r5(config-router)#net60.60.5.50.0.0.0
r5(config-router)#net60.60.15.970.0.0.0
r5(config-router)#net60.60.15.2460.0.0.0
r5(config-router)#net60.60.15.2500.0.0.0
r1(config)#routerei60
r1(config-router)#net60.60.1.10.0.0.0
r1(config-router)#net60.60.15.2490.0.0.0
r1(config-router)#redistributeos60me1000010025511500route-mapoe
r1(config-router)#routeros60
r1(config-router)#redistributeei60subnetsroute-mapoe
r1(config-router)#acc10per198.2.0.00.0.7.255
r1(config)#acc10per4.1.1.00.0.0.255
r1(config)#acc10per128.28.2.00.0.0.255
r1(config)#acc10per198.1.1.40.0.0.3
r1(config)#route-mapoedeny10
r1(config-route-map)#maipadd10
r1(config-route-map)#route-mapoeper20
sw4(config)#routerei60
sw4(config-router)#net60.60.15.980.0.0.0
RIPv2
r2(config)#routerrip
r2(config-router)#ver2
r2(config-router)#pade
r2(config-router)#net60.0.0.0
r2(config-router)#nei60.60.15.33
r2(config-router)#reos60me11
r2(config-router)#routeros60
r2(config-router)#reripsu
r4(config)#routerrip
r4(config-router)#ver2
r4(config-router)#pade
r4(config-router)#net60.0.0.0
r4(config-router)#nei60.60.15.66
r4(config-router)#nei60.60.15.34
sw4(config)#iprouting
sw4(config)#routerrip
sw4(config-router)#ver2
sw4(config-router)#pade
sw4(config-router)#net60.0.0.0
sw4(config-router)#nei60.60.15.65
sw4(config-router)#reei60me10
sw4(config)#routerei60
sw4(config-router)#reripme1000001111
IPv6:
r4(config)#ipv6un
r4(config)#ipv6cef
r4(config)#intf0/1
r4(config-if)#ipv6addfc01:
db8:
74:
9:
:
/64eui-64
r4(config-if)#ipv6os60a0
r4(config-if)#ipv6routeros60
r2(config)#ipv6un
r2(config)#ipv6cef
r2(config)#intf0/1.24
r2(config-subif)#ipv6addfc01:
db8:
74:
9:
:
/64eui-64
r2(config-subif)#ipv6os60a0
r2(config-subif)#ints0/0.200p
r2(config-subif)#ipv6addfc01:
db8:
74:
a:
:
/64eui-64
r2(config-subif)#ipv6os60a1
r2(config-subif)#ipv6routeros60
r1(config)#ipv6unicast-routing
r1(config)#ipv6cef
r1(config)#intf0/1
r1(config-if)#ipv6addfc01:
db8:
74:
b:
:
/64eui-64
r1(config-if)#ipv6os60a1
r1(config-if)#ints0/0.100p
r1(config-subif)#ipv6addfc01:
db8:
74:
a:
:
/64eui-64
r1(config-subif)#ipv6os60a1
r1(config-subif)#ipv6routeros60
sw1(config)#sdmpreferdual-ipv4-and-ipv6routing
sw1(config)#ipv6un
sw1(config)#intvl11
sw1(config-if)#ipv6addfc01:
db8:
74:
b:
:
/64eui
sw1(config-if)#ipv6os60a1
sw1(config-if)#ipv6routeros60
bgp
R3:
routerbgp601
nosy
noau
bgpconid60
bgpconpeers602
nei60.60.1.1remote601
nei60.60.1.1upl0
nei60.60.5.5remote601
nei60.60.5.5upl0
nei60.60.10.10remote601
nei60.60.10.10upl0
R5:
routerbgp601
nosy
noau
bgpconid60
bgpconpeers602
nei60.60.1.1remote601
nei60.60.1.1upl0
nei60.60.3.3remote601
nei60.60.3.3upl0
nei60.60.10.10remote601
nei60.60.10.10upl0
nei150.1.60.254remote254
r5(config-router)#nei150.1.60.254route-maplocin
r5(config-router)#acc50per197.68.16.00.0.15.255
r5(config)#route-maplocper10
r5(config-route-map)#maipadd50
r5(config-route-map)#setlocal-preference150
R1:
routerbgp601
nosy
noau
bgpconid60
bgpconpeers602
nei60.60.2.2remote602
nei60.60.2.2eb
nei60.60.2.2upl0
nei60.60.3.3remote601
nei60.60.3.3upl0
nei60.60.5.5remote601
nei60.60.5.5upl0
nei60.60.10.10remote601
nei60.60.10.10upl0
SW4:
routerbgp601
Nosy
noau
bgpconid60
bgpconpeer602
nei60.60.1.1remote601
nei60.60.1.1upl0
nei60.60.2.2remote602
nei60.60.2.2eb
nei60.60.2.2upl0
nei60.60.3.3remote601
nei60.60.3.3upl0
nei60.60.5.5remote601
nei60.60.5.5upl0
R2:
routerbgp602
nosy
noau
bgpconid60
bgpconpeer601
nei60.60.1.1remote601
nei60.60.1.1eb
nei60.60.1.1upl0
nei60.60.8.8remote602
nei60.60.8.8upl0
nei60.60.10.10remote601
nei60.60.10.10eb
nei60.60.10.10upl0
sw2:
routerbgp602
nosy
noau
bgpconid60
bgpconpeer601
nei60.60.2.2remote602
nei150.2.60.254remote254
IPMulticast
3.1ImplementPIMsparesModeforIPv6Multicast(3points)
EnablePIMsparsemode(PIM-SM)ontheLANbetweenR4-F0/1andR2-Gi0/1,andontheWANbetweenR2-S0/0/0andR1-S0/0/0,usingthesecriteria:
∙ConfigureR4-F0/1tobetherendezvouspoint(RP)fortheFF08:
:
4000:
4000
Multicastgroup.Noothergroupsshouldbepermitted.
翻译:
3.1实施PIM稀疏模式对于IPV6的组播
启用稀疏模式在R4的F0/1和R2的G0/1之间,并且在R2的S0/0和R1的S0/0之间,使用这些标准:
1)配置R4的F0/1成为汇聚点对于FF08:
4000:
4000组播组。
2)没有其他组被允许。
3.1IP组播
r2(config)#ipv6multicast-routing
r2(config)#ipv6pimrp-addressR4的F0/1地址
r4(config)#ipv6multicast-routing
r4(config)#ipv6pimrp-R4的F0/1地址
检查:
r2#shipv6pimneighbor
PIMNeighborTable
Mode:
B-BidirCapable,G-GenIDCapable
NeighborAddressInterfaceUptimeExpiresModeDRpri
FE80:
:
207:
85FF:
FEA1:
E001Serial2/0.20000:
05:
1600:
01:
28BG1
FE80:
:
202:
16FF:
FE75:
1C01Ethernet3/0.2400:
06:
0100:
01:
40BG1
3.2MulticastJoins(3points)
∙ConfigureR1-S0/0/0.zasanIPv6receiverforthemulticastgroupFF08:
:
4000:
4000
∙R4shouldbeabletopingthemulticastgroupFF08:
:
4000:
4000
翻译:
组播加入
1)配置R1的s0/0.z作为一个ipv6接收者对于组ff08:
4000:
4000.
2)R4应该能ping通这组地址。
3.2组播
R1:
ipv6multicast-routing
Ints0/0.100point
ipv6mldjoin-groupff08:
:
4000:
4000R4的F0/1接口地址(RP地址)
检查:
R1#shipv6mldgroups
MLDConnectedGroupMembership
GroupAddressInterfaceUptimeExpires
FF08:
:
4000:
4000Serial0/0.10000:
01:
47never
R1#shipv6pimneigh
NeighborAddressInterfaceUptimeExpiresDRpriBidir
FE80:
:
2E0:
1EFF:
FE81:
8DC1Serial0/0.10002:
45:
2400:
01:
291(DR)B
R1#
SectionIV.AdvancedServices(21points)
4.1SecureHTTPAccess(3points)
∙EnablesecureHTTPaccessforR5(在R5上启用HTTPS)
∙EnableauthenticationusingthelistHTTP,whichutilizeslocaluserauthentication.(使用HTTP列表启用认证,利用本地用户认证)
∙ConfiguretwodifferentusersforaccesstoR5,theusercisco(password’cisco’),whoonlyhasprivilege1accesstoR5,andtheuserADMIN(password’CISCO’),whohasprivilege15accesstoR5
(配置两个不同的用户对于接入R5,用户cisco,密码cisco,具有级别1,然后用户admin,密码cisco,具有级别15。
)
∙Donotmodifyconsoleandvtylinesloginandpasswordconfiguration
(不要修改console和vty线路的登录和密码配置)
∙Donotenable‘servicepasswordencryption’.(不要启用全局加密)
4.1安全的HTTP访问
r5(config)#aaanew-model
r5(config)#aaaauthenticationloginhttplocal
r5(config)#userciscopasswordcisco
r5(config)#userADMINprivilege15pasCISCO
r5(config)#iphttpser
r5(config)#iphttpauthenticationaaalogin-authenticationhttp
r5(config)#iphttpsecure-server
4.2SecuretheWANPPPLinks(3points)
EnableChallengeHandshakeAuthenticationProtocol(CHAP)onR5forthelinktoR1andR3,accordingtothefollowingrequirements
∙Onr5,Useanauthentication,authorization,andaccounting(AAA)listnamedR1andR3forR1andR3,respectively
∙Atr5,AuthenticationforR1shouldfirsttrytheRadiusServe
升级会员 