ccie Version 40修改版.docx

1、ccie Version 40修改版V40排错：1. R6 的速度不匹配-g0/1 单臂R6的SPEED为10，SW1的F0/6 为：100M，建议改在R6上用：NO SPEED 10或SPEED100，不需要改SW1的F0/62. R3的S0/0/0的MASK不对11 网段mask 24 改为: 29位即可3. R2的F0/0地址配错了-BB1接口150.1.Y.11/24, 改为：150.1.Y.1/24Part 1:Bridging and Switching1.1 Frame Relay Config frame relay map as mentioned on Diagram 1

2、You cant use sub interface on any interfaces frame relay need to be full mesh connection, but only can use PVC mentioned on Diagram 1没有ping通本端要求.1.2 TrunkSW1 and SW2 and SW3 has Config ISL trunk to interconnect them.SW1 & SW2:int ran fa0/13 14sw tr en isl（dotq1）sw mo trchannel-group 12 mo onSW1 & SW

3、3:int ran fa0/8 9 sw tr en isl sw mo tr channel-group 13 mo onSW2 & SW3:int ran fa0/11 12 sw tr en isl sw mo tr channel-group 23 mo onshow int trunkshow int port-channel 12/13/23 (Up/Err-disable)(记得先shutdown,后再no shutdown每个都要通告两次,相互之间都要做)1.3 CHANNEL-GROUP在SW1,SW2,SW3 之间相互做CHANNEL-GROUP.MODE ? -没有说MO

4、DE.就用MODE ON1.4 VTP SW1 use the VTP SERVER mode SW2, SW3 use the CLIENT mode after configuration,SW2, SW3 must see all the VLANs information VTP domain-name: VTPYY (YY=Rack Number) crossover link at each interface1.5 VLAN SetupAfter finished all of configuration, SW1, SW2 and SW3 should be able to a

5、ccessall your network.VLAN A-20VLAN B-30VLAN C-60VLAN BB1-40VLAN BB2-50VLAN BB3-70SW1:fa0/2 vl 40fa0/3 4 vl 20fa0/10 vl 40SW2:fa0/1 vl 30(inter ran f0/1,f0/5表示两个接口)fa0/5 vl 30 （inter ran f0/1-5表示1-5 5个接口）fa0/4 vl 60fa0/6 sw tr en dot1q 这里是否可以配ISL封装？（个人注释） sw tr allowed vlan add 50 是否可以不配运行的VLAN呢？（个人

6、注释）sw tr allowed vlan add 70sw mo tr fa0/10 vl 50SW3:fa0/10 vl 70show vlan-switch briefshow vlan 1.6 Fallback Bridge On Sw1, configure bridge between Fa0/6 (connected to R6) and VLAN_A (connecting Sw1, R3 and R4). Should not affect routing on the Switch Do not bridge any dynamically learned MAC addr

7、ess. Only forward thefollowing addresses:MAC:1234.1234.1234MAC:aaaa.bbbb.ccccSW1:bridge 1 protocol vlan-bridgeno bridge 1 acquirebridge 1 address 1234.1234.1234 forwardbridge 1 address aaaa.bbbb.cccc forwardinterface f0/6 bridge-group 1interface vlan 20 bridge-group 11.7 Catalyst SW1 Fa0/6R6 connect

8、 to SW1 fa0/6 and the IP address is YY.YY.9.7inter f0/6no switchportip add 32.32.9.71.8 SVI R4的F0/1接口地址为:Y.Y.14.4/24, SW3的VLAN_C的SVI地址为:Y.Y.14.9/24, 明确说明：配置完毕后sw3 svi 能ping R4 F0/1 口（属于同一VLAN，个人注释）VLAN-C 为 60inter vlan 60ip add 32.32.14.9 255.255.255.0 R6 要做单臂BB3/BB2, Traffic on the wire shou limite

9、d to the specific VLANS onlyinter f2/0.50en dotq 50ip add 150.2.32.1 255.255.255.0no shuinter f2/0.70en dotq 70ip add 150.3.32.1 255.255.255.0no shu1.9 MSTpvst+ CPU利用率过高，将vlan 20 40 60 为一个生成树，再将vlan 30 50 70为一个生成树(没有明确说明在交换机配置)1.10 Channel-Group Load-Balance默认基于source-mac-address, to configure the E

10、thernet channel to make all switches maximum utilization3550: src-mac(src-dst-ip)3560:src-dst-mac1.11 Vines-ip FilteringOn vlan BB2, do not allow vines-ip traffic. Other traffics are permittedSW2:mac access-list extended VINES_IP permit any any vines-ipvlan access-map DENY_VINES_IP match mac address

11、 VINES_IP action dropvlan access-map DENY_VINES_IP 20 action forwardvlan filter DENY_VINES_IP vlan-list 50show vlan access-mapPart 2:IP IGP Protocols所有Loopback为/322.1 EIGRP YY EIGRP YY (R3，R4的Loopback 0既放入OSPF也放入EIGRP) R6/SW1/R3/R4运行EIGRP YY 在SW1上,R6 looback0以及BB3接口路由在路由表里面应该显示为内部路由network Loopback

12、0 and BB3 interface EIGRP YY不和BB3建立邻接关系在r6上:net 32.0.0.0 passive-interface lo0net 150.3.32.1 0.0.0.0passive-interface f2/0.70passive-interface loopback 0passive-interface BB3 interface 要求R4上14网段通告到EIGRP YY，但不允许用command networkroute-map CONN match interface e1/1 s0/0router eigrp YYredistribute connec

13、ted route-map CONN / -和后面的双向重分布关联 r4(config)#route-map CONNr4(config-route-map)#match inter e1/1r4(config-route-map)#router eigrp 32r4(config-router)#redistribute connected route-map CONN2.2 EIGRP 100 R6与BB3之间运行EIGRP 100 要求EIGRP YY要重分布进EIGRP 100 R6向BB3只通告YY.YY.0.0/16的路由，接口汇总 distribute-list out R6只从

14、BB3接收First octet 198.x.x.x的路由ip access-list standard To_BB3 permit Y.Y.0.0ip access-list standard FROM_BB3 permit 198.0.0.0 0.255.255.255或 ip prefix-list FROM_BB3 permit 198.0.0.0/8 le32router ei 100 no au net 150.3.Y.0 0.0.0.255 distribute-list To_BB3 out fa0/1.70 distribute-list From_BB3 in fa0/1.

15、70int fa0/1.70 ip summary-address ei 100 Y.Y.0.0 255.255.0.0(#router eigrp 100r6(config-router)#net 150.3.0.0r6(config-router)#redistribute eigrp 32r6(config-router)#exitr6(config)#ip access-list standard TO_BB3r6(config-std-nacl)#permit 32.32.0.0r6(config-std-nacl)#exitr6(config)#ip access-list sta

16、ndard FROM_BB3r6(config-std-nacl)#permit 198.0.0.0 0.255.255.255router eigrp 100 r6(config-router)#distribute-list TO_BB3 out f2/0.70r6(config-router)#distribute-list FROM_BB3 in f2/0.70r6(config-router)#no aur6(config-router)#inter f2/0.70r6(config-subif)#ip summary-address eigrp 100 32.32.0.0 255.

17、255.0.0)完成之后, R3/R4/SW1能够ping通150.3.y.254但没要求EIGRP 100重分布进EIGRP YY因SW1的路由表中没有EIGRP的外部路由.还有, 在题中也明确说了不要看到EIGRP的外部路由2.3 RIP R2与BB1之间运行RIPV2, RIP的路由重分布进入OSPF后, 每一跳Metric可变 R2 should only send RIP update to other rip routers, propagate your YY.0.0.0 at the network number boundry (需要接口汇总 TO-BB1)passive-i

18、nterface defaultneighbor 150.1.YY.254 minimize RIP traffic generated by R2(最小化R2的rip流量)passive-interface Loopback 1 config interface loopback 1 with ip address 150.4.YY.1 and place this interface in to RIP (配置lo1的ip，并放置这个接口to rip) R2 only receive 199.172.Z.0(Z=5,10,13,14) by BB1,要求用最小的命令行ip access-l

19、ist standard FROM_BB1 permit 199.172.5.0 0.0.8.0 permit 199.172.10.0 0.0.4.0(r2(config)#router ripr2(config-router)#ver 2r2(config-router)#no aur2(config-router)#net 150.1.0.0r2(config-router)#net 32.0.0.0r2(config-router)#passive-interface default r2(config-router)#nei 150.1.32.254r2(config-router)

20、#net 150.4.0.0r2(config-router)#inte lo1r2(config-if)#ip add 150.4.32.1 255.255.255.0r2(config-if)#router rip r2(config-router)#passive-interface lo1r2(config-router)#exit r2(config)#ip access-list standard FROM_BB1r2(config-std-nacl)#permit 199.172.5.0 0.0.8.0r2(config-std-nacl)#permit 199.172.10.0

21、 0.0.4.0r2(config-std-nacl)#router ripr2(config-router)#distribute-list FROM_BB1 IN E1/0r2(config-router)#inte e1/0 r2(config-if)#ip summary-address rip 32.0.0.0 255.0.0.0)2.4 OSPF Frame-relay对应的OSPF网络模式使用Broadcast跟 P-T-PR1/R3/R4:ip ospf network broadcastR2/R5:Ip ospf network point-to-point R3 R4不能参

22、与选举DRip ospf priority 0 R1 R5要停留在2WAY状态, 不要形成full stateip ospf priority 0 R2在60秒之内不send hello packet，邻接关系均不会丢失R2/R5:ip ospf dead-interval 602.5 重分布 来自RIP/OSPF的路由, 在SW1上面可看到two Prefix路由, 不能使用variance修改达到这个目的,而且YY.YY.11.0/29的下一跳为YY.YY.10.3R3/R4:router eigrp YY redistribute ospf 1YY metric 2000 100 255

23、 1 1500 R1看到的R6的Loopback 0在正常情况下要指向R3，R3不可用时，指向R4, 其它的路由可看到load balance默认EIGRP重分布进OSPF的metic为20，所以将R6_LB重分布进来时改metric为197.68.0.0/19 0.0.0.0 254 253 i197.68.1.0 150.1.1.254 254 253 i197.68.4.0 150.1.1.254 254 253 iS197.68.5.0 150.1.1.254 254 253 i197.68.21.0 150.1.1.254 254 253 i197.68.22.0 150.1.1.2

24、54 254 253 iR2:ip prefix-list BGP_5 permit 197.68.5.0/24route-map BGP_5 match ip address prefix-list BGP_5router bgp YY aggregate-address 197.68.0.0 255.255.224.0 as-set supress-map BGP_53.3 R6 ConfigurationConfigure R6 so when you type “show ip bgp”, you will have the following output:BGP table ver

25、sion is 9, local router ID is 200.220.YY.1next-hop locprf path197.68.1.0 150.100.2.254 250 YY 254 i197.68.4.0 150.100.2.254 6 YY 254 i197.68.5.0 150.100.2.254 250 YY 254 i197.68.21.0 150.100.2.254 13 51 YY 254 i197.68.22.0 150.100.2.254 250 YY 254 i200.220.YY.0 0.0.0.0R6:ip prefix-list BGP_4 permit 197.68.4.0/24ip prefix-list BGP_21 permit 197.68.21.0/24route-map BGP permit 10 match ip address prefix-list BGP_4 set as-path prepend 6route-map BG