CCIERSN1MC.docx
《CCIERSN1MC.docx》由会员分享,可在线阅读,更多相关《CCIERSN1MC.docx(36页珍藏版)》请在冰豆网上搜索。
CCIERSN1MC
第一部分,桥接和排错
Brigingandswitching
1.1vtp
●Sw1/Sw2/Sw3/Sw4
●VTPdomain:
VTP+YY
●VTPmode:
Transparent
RackYYSw1/SW2/SW3/SW4:
vtpdomainVTPYY
vtpmodetransparent
that’snotneedtouses/cmodeinVTP
1.2
VLAN
Sw1:
40VLAN_BB1
55VLAN_55
60VLAN_BB3
100VLAN_100
200VLAN_200
Sw2:
50VLAN_BB2
100VLAN_100
200VLAN_200
Sw3
60VLAN_BB3
200VLAN_200
Sw4
200VLAN_200
RackYYSw1:
VLANNameStatusPorts
1defaultactiveF0/7,F0/8,F0/9,F0/11,F0/12,F0/13,F0/14Fa0/15,Fa0/17Fa0/18,Gi0/1,Gi0/2
40VLAN_BB1activeFa0/4,Fa0/10
55VLAN_55activeFa0/5
60VLAN_BB3activeFa0/6
100VLAN_100activeFa0/1,Fa0/2
200VLAN_200active
RackYYSw2:
VLANNameStatusPorts
1defaultactiveF0/4,F0/5,F0/7,F0/8,F0/9,F0/11,F0/12,F0/13,F0/14,F0/16,F0/17
F0/18,Gi0/1,Gi0/2
50VLAN_BB2activeF0/6,F0/10
100VLAN_100activeF0/1,F0/2
200VLAN_200activePo10
RackYYSw3:
VLANNameStatusPorts
1defaultactiveF0/1,F0/2,F0/3,F0/4F0/5,F0/6,F0/7,F0/8,F0/9,F0/11,F0/12,F0/13,F0/14,F0/15,F0/16,F0/17,F0/18,Gi0/1,Gi0/2
60VLAN_BB3activeFa0/10
200VLAN_200active
RackYYSw4:
VLANNameStatusPorts
1defaultactiveF0/1,F0/2,F0/3,F0/4,F0/5,F0/6,F0/7,F0/8,F0/9,F0/10F0/11,F0/12
F0/13,F0/14,F0/15,F0/16,F0/17,F0/18,Gi0/1,Gi0/2
200VLAN_200activePo10
Verify:
showvlanbrief
Whenudone,umustverifycareful.
做完的时候,可以仔细核对下,注意大小写,我做的时候只要是二层的端口全使用Swithportmodeaccess
1.3Port-channelbetweenSw1aSw2
●Sw1andSw2layer3Etherchanneluseport-channel21only
●AssignYY.YY.100.1/24toSw1Port-channel21
●AssignYY.YY.100.2/24toSw2Port-channel21
●ensureinterfaceF0/23andF0/24arechannelmemberforbothSwitch
●DonotreplyonPAgPorLACPtofacilitatetheconnection
●Verifylayer2andlayer3connectivityviathechannellink
RackYYSw1:
interfacerangeFastEthernet0/23-24
shutdown
noSwitchport
channel-group21modeon
noshutdown
interfacePort-channel21
ipaddressYY.YY.100.1255.255.255.0
RackYYSw2:
interfacerangeFastEthernet0/23-24
shutdown
noSwitchport
channel-group21modeon
noshutdown
interfacePort-channel21
ipaddressYY.YY.100.2255.255.255.0
Verify:
showvtpstatus;showetherchannelsummary;showetherchannelport-channel;
1.4Port-channelbetweenSw1-Sw3andSw2-Sw4
●Sw1-Sw3Sw2-Sw4layer2Ether-channelsuseport10onlyF0/19andF0/20aremembersoftheswitches
●OnSw2andSw4assignallinterfaceintheECasstatic-accessportonVLAN_200unconditionalenablePAGPtofacilitytheconnection
●verifylayer2connectivityviathechannellink
RackYYSw1:
interfacerangeFastEthernet0/19-20
shutdown
Switchporttrunkencapsulationisl
Switchportmodetrunk
channel-group10modedesirable
noshutdown
RackYYSw3:
interfacerangeFastEthernet0/19-20
shutdown
Switchporttrunkencapsulationisl
Switchportmodetrunk
channel-group10modedesirable
noshutdown
RackYYSw2:
interfacerangeFastEthernet0/19-20
shutdown
Switchportmodeaccess
SwitchportaccessVLAN200
channel-group10modedesirable
noshutdown
RackYYSw4:
interfacerangeFastEthernet0/19-20
shutdown
Switchportmodeaccess
SwitchportaccessVLAN200
channel-group10modedesirable
noshutdown
Verify:
showetherchannelsummary;showetherchannelportchannel;
结合下面的VLAN,可以看到Sw2和Sw4的po10也在VLAN200,在你做敲channel-group10modedesirable之前先SwitchportaccessVLAN200,要不在VLAN的表中会看不到po10.
在做完的时候一定要Show一下.看看Port-channel起来了没
1.5
●Catalystlayer3configuration
●ConfigureSw1andSw2IPaddressasoutlinedndiagram
●ConnectivitytoR3usesrouteports
●R1andR2aremembersofvlan100onSw1andSw2
1.6
●Catalystlayer3configuration
●ConfigureSw3andSw4IPaddressing
●ConfigureVLAN_200inSw1withIPaddressYY.YY.34.1/24
●ConfigureVLAN_200inSw2withIPaddressYY.YY.43.1/24
●VerifytheconnectivitybetweenSw1andSw2
RackYYSw1:
VLAN100YY.YY.12.254/24
VLAN200YY.YY.34.1/24
RackYYSw2:
VLAN100YY.YY.21.254/24
VLAN200YY.YY.43.1/24
RackYYSw3:
VLAN200YY.YY.34.254/24
RackYYSw4:
VLAN200YY.YY.43.254/24
RackYYSw1:
iprouting
interfaceVLAN100
ipaddressYY.YY.12.254255.255.255.0
interfaceVLAN200
ipaddresssYY.YY.34.1255.255.255.0
RackYYSw2:
iprouting
interfaceVLAN100
ipaddressYY.YY.21.254255.255.255.0
interfaceVLAN200
ipaddressYY.YY.43.1255.255.255.0
RackYYSw3:
iprouting
interfaceVLAN200
ipaddressYY.YY.34.254255.255.255.0
RackYYSw4:
iprouting
interfaceVLAN200
ipaddressYY.YY.43.254255.255.255.0
Verify:
showipinterfacebrief;showiproute
RackYYSw1:
interfaceFastEthernet0/3
noSwitchport
ipaddressYY.YY.13.2255.255.255.0
RackYYSw2:
interfaceFastEthernet0/3
noSwitchport
ipaddressYY.YY.31.2255.255.255.0
Verify:
showinterfacestatus;showipinterfacebrief;showiproute
1.7Catalystfeature
●CofigureSw1-F0/1sothattheinterfacewillstopforwardingunicasttrafficiftheinputrateexceeds65Mbps
RackYYSw1:
interfaceFa0/1
Storm-controlunicastlevel55.00
Verify:
showstorm-controlunicast
1.8Catalysttunning
●CofiguretheamountoftineaneighboushouldholdCDPinformationsentbySw2beforediscardingitto2minutes
RackYYSw1:
cdpholdtime120
Verify:
showcdp
1.9CatalystFeature
●ConfigureSw1tocontrolandblockthefloodofunknownMulticasttrafficontheinterfaceF0/5
RackYYSw1:
interfaceFa0/5
Switchportblockmulticast
IpIgmpsnooping
或者‘ipcgmpenable’
Verify:
showinterfaceinterface-idswitchport
第二部分:
IGP和BGP
IGP
2.1OSPFBbackbones
●ThelinkbetweenSw1andSw2
●AllinterfaceinVLAN_100onSw1Sw2R1andR2
●R3G0/0andG0/1andthefa0/3onSw1andSw2
●Loopback0interfaceonSw1Sw2R2andR3
●VerifyingthatallOSPFneighborhavebuilttheiradjacencies
RackYYR1:
RouterospfYY
networkYY.YY.12.10.0.0.0area0
networkYY.YY.21.10.0.0.0area0
RackYYR2:
RouterospfYY
networkYY.YY.2.20.0.0.0area0
networkYY.YY.12.20.0.0.0area0
networkYY.YY.21.20.0.0.0area0
RackYYSw1:
RouterospfYY
networkYY.YY.7.70.0.0.0area0
networkYY.YY.12.2540.0.0.0area0
networkYY.YY.13.20.0.0.0area0
networkYY.YY.100.10.0.0.0area0
RackYYSw2:
RouterospfYY
networkYY.YY.8.80.0.0.0area0
networkYY.YY.21.2540.0.0.0area0
networkYY.YY.31.20.0.0.0area0
networkYY.YY.100.20.0.0.0area0
RackYYR3:
RouterospfYY
networkYY.YY3.30.0.0.0area0
networkYY.YY.13.10.0.0.0area0
networkYY.YY.31.10.0.0.0area0
Verify:
showipospfinterfacebrief;showipospfneighbor
2.2OSPFoverNBMA
●OSPFarea11consistofthefollowinterfaceandattributes
●TheFrameRelaynetworkbetweenR3R4R5
●Loopback0onR4andR5
●VLAN_55
●EnsurethereisnoDR/BDR
RackYYR3:
interfaces0/0/0.3
ipospfnetworkpoint-to-multipointnon-broadcast
RouterospfYY
networkYY.YY.11.30.0.0.0area11
neiYY.YY.11.4
neiYY.YY.11.5
RackYYR4:
interfaces0/0/0.4
ipospfnetworkpoint-to-multipointnon-broadcast
RouterospfYY
networkYY.YY.4.40.0.0.0area11
networkYY.YY.11.40.0.0.0area11
RackYYR5:
interfaces0/0/0.5
iposnetpoint-to-multipointnon-broadcast
RouterospfYY
networkYY.YY.5.50.0.0.0area11
networkYY.YY.11.50.0.0.0area11
networkYY.YY.55.2540.0.0.0area11
Verify:
showipospfinterfacebrief;showipospfneighbor
2.3OSPFASBRandRIPversion2
●ConfigureR4toreceiveRIPv2routesfromBackbone1
●WhenproperlyconfiguredyouwillreceivesRIPv2routesintheclassBaddressrange199.172.Z.Z
●ConfigureR4sothattheexternalRIProutesareinjectedintoarea11andappearthroughoutthatOSPFdomain
●EnsureexternalroutesoriginatesfromAutonomousSystemsBoundaryRouters(ASBR)outsidearea11cannotbefloodedwithinthearea
●PermitOSPFtype-3routesintoarea11(在R5上看)
RackYYR4:
ipprefix-listfbb1per199.172.0.0/16le32
Routerrip
version2
noauto-summary
network150.1.0.0
distribute-listprefixfbb1inFa0/0
RouterospfYY
redistributeripmetric-type1subnets
area11nssa
RackYYR3:
RouterospfYY
area11nssa
RackYYR5:
RouterospfYY
area11nssa
Verify:
showipprotocol;showiprouterip;showipospf;showiprouteospf;
2.4Area34andArea43
●OSPFarea34consistsoftheVLAN_200interfacesonSw1andSw3andloopback0inSw3
●OSPFarea43consistsoftheVLAN_200interfacesonSw2andSw4andloopback0inSw4
RackYYSw1:
RouterospfYY
networkYY.YY.34.10.0.0.0area34
RackYYSw2:
RouterospfYY
networkYY.YY.43.10.0.0.0area43
RackYYSw3:
RouterospfYY
networkYY.YY.9.90.0.0.0area34
networkYY.YY.34.2540.0.0.0area34
RackYYSw4:
RouterospfYY
networkYY.YY.10.100.0.0.0area43
networkYY.YY.43.2540.0.0.0area43
Verify:
showipospfinterfacebrief;showipospfneighbor
2.5OSPFABR
●Staticroutesarenotpermittedforthisquestion
●injectadefaultrouteintoarea0area11area34area43
●Usefewestnumberofstepsorcommandstocompletesthis
RackYYR3:
RouterospfYY
area11nssadefault-information-originate
default-informationoriginatealways
Verify:
showiprouteospf;showipospfdatabase
2.6OSPFSummary
●AddthefollowinginterfaceonR2toArea0
●Loopback22180.88.22.254/24
●Loopback32180.88.32.254/24
●Loopback47180.88.47.254/24
●Summarizetheaboveaddressintoasingleroute
●Yoursummaryroutemustbecompactandnotwasteaddressspace
●VerifytheSummaryisintheOSPFroutingtableonR5andyoucanpingallthehostaddress
●R3、Sw1、Sw2都要做区域间汇总。
RackYYR2:
intlo22
ipaddress180.88.22.254255.255.255.0
intlo32
ipaddress180.88.32.254255.255.255.0
intlo47
ipaddress180.88.47.254255.255.255.0
RouterospfYY
network180.88.0.00.0.63.255
升级会员 