1、k1xzb笔记二层预配: 1.VTP vtp do ccieroutingandswitching #vtp password cisco #vtp mo 2.VLAN3.TRUNK Sw1Sw4: Interface range f0/19 -24 switchport trunk encapsulation dot1q switchport trunk allowed vlan 2,3,11,13,15,22,24,44,45 switchport mode trunk switchport nonegotiate4.配置接口VLAN #int f0/4 #sw ac vl 44 #sw
2、mo ac #spa portf (config)#interface fastethernet 0/10 (if-config)#spanning-tree portfast (if-config)#spanning-tree guard root (SW1-SW3) (if-config)#Storm-control broadcast level 50.00(SW1-SW3) (config)#spanning-tree portfast bpdufilter default(sw1-sw3) spann vlan 1-4094 pri 0(SW1)Sw2:interface FastE
3、thernet0/2 switchport trunk encapsulation dot1q switchport trunk allowed vlan 22,24 switchport mode trunk5.帧中继R4frame-relay switchinginterface Serial0/0 encapsulation frame-relay IETFclock rate 64000 frame-relay lmi-type ansi frame-relay intf-type dce frame-relay route 100 interface Serial0/1 200R1:
4、interface Serial0/0 encapsulation frame-relay IETF clock rate 64000 no frame-relay inverse-arpinterface Serial0/0.100 point-to-point ip address YY.YY.15.242 255.255.255.252 frame-relay interface-dlci 100 IETF6.R2子接口R2:interface FastEthernet0/1.22 encapsulation dot1Q 22 ip address YY.YY.15.129 255.25
5、5.255.224interface FastEthernet0/1.24 encapsulation dot1Q 24 ip address YY.YY.15.34 255.255.255.2247R1 PPP封装 R5:interface Serial0/0 encapsulation ppp no peer neighbor-route ip address YY.YY.15.246 255.255.255.252其他的按顺序配置 但 别忘 回环口配置。三层配置:(一) OSPFr3(config)#router os 60r3(config-router)#net 60.60.3.3
6、0.0.0.0 a 0r3(config-router)#net 60.60.15.193 0.0.0.0 a 0sw1(config)#ip routisw1(config)#router os 60sw1(config-router)#net 60.60.7.7 0.0.0.0 a 0sw1(config-router)#net 60.60.15.162 0.0.0.0 a 0sw1(config-router)#net 60.60.15.194 0.0.0.0 a 0r1(config)#router os 60r1(config-router)#area 2 nssa default-
7、information-originater1(config-router)#net 60.60.15.161 0.0.0.0 area 0r1(config-router)#net 60.60.15.242 0.0.0.0 a 2r1(config)#int s0/0.100 pr1(config-subif)#ip os net br2(config)#router os 60r2(config-router)#area 2 nssar2(config-router)#net 60.60.2.2 0.0.0.0 a 2r2(config-router)#net 60.60.15.129 0
8、.0.0.0 a 2r2(config-router)#net 60.60.15.241 0.0.0.0 a 2sw2(config)#ip routingsw2(config)#router os 60sw2(config-router)#area 2 nssasw2(config-router)#net 60.60.8.8 0.0.0.0 a 2sw2(config-router)#net 60.60.15.130 0.0.0.0 a 2EIGRP:r3(config)#router ei 100r3(config-router)#net 150.3.0.0r3(config-router
9、)#router ei 60r3(config-router)#net 60.60.15.245 0.0.0.0r3(config-router)#redistribute ei 100 r3(config-router)#router os 60r3(config-router)#redistribute ei 100 sur3(config)#int s0/0r3(config-if)#ip su ei 60 198.2.0.0 255.255.248.0 r5(config)#router ei 60r5(config-router)#net 60.60.5.5 0.0.0.0r5(co
10、nfig-router)#net 60.60.15.97 0.0.0.0r5(config-router)#net 60.60.15.246 0.0.0.0r5(config-router)#net 60.60.15.250 0.0.0.0r1(config)#router ei 60r1(config-router)#net 60.60.1.1 0.0.0.0r1(config-router)#net 60.60.15.249 0.0.0.0r1(config-router)#redistribute os 60 me 10000 100 255 1 1500 route-map oer1(
11、config-router)#router os 60r1(config-router)#redistribute ei 60 subnets route-map oer1(config-router)#acc 10 per 198.2.0.0 0.0.7.255r1(config)#acc 10 per 4.1.1.0 0.0.0.255r1(config)#acc 10 per 128.28.2.0 0.0.0.255r1(config)#acc 10 per 198.1.1.4 0.0.0.3r1(config)#route-map oe deny 10r1(config-route-m
12、ap)#ma ip add 10r1(config-route-map)#route-map oe per 20sw4(config)#router ei 60sw4(config-router)#net 60.60.15.98 0.0.0.0RIP v2r2(config)#router ripr2(config-router)#ver 2r2(config-router)#pa der2(config-router)#net 60.0.0.0r2(config-router)#nei 60.60.15.33r2(config-router)#re os 60 me 11r2(config-
13、router)#router os 60r2(config-router)#re rip sur4(config)#router ripr4(config-router)#ver 2r4(config-router)#pa der4(config-router)#net 60.0.0.0r4(config-router)#nei 60.60.15.66r4(config-router)#nei 60.60.15.34sw4(config)#ip routingsw4(config)#router ripsw4(config-router)#ver 2 sw4(config-router)#pa
14、 desw4(config-router)#net 60.0.0.0sw4(config-router)#nei 60.60.15.65 sw4(config-router)#re ei 60 me 10sw4(config)#router ei 60sw4(config-router)#re rip me 100000 1 1 1 1 IPv6: r4(config)#ipv6 unr4(config)#ipv6 cefr4(config)#int f0/1r4(config-if)#ipv6 add fc01:db8:74:9:/64 eui-64 r4(config-if)#ipv6 o
15、s 60 a 0r4(config-if)#ipv6 router os 60r2(config)#ipv6 unr2(config)#ipv6 cefr2(config)#int f0/1.24r2(config-subif)#ipv6 add fc01:db8:74:9:/64 eui-64 r2(config-subif)#ipv6 os 60 a 0r2(config-subif)#int s0/0.200 pr2(config-subif)#ipv6 add fc01:db8:74:a:/64 eui-64 r2(config-subif)#ipv6 os 60 a 1r2(conf
16、ig-subif)#ipv6 router os 60r1(config)#ipv6 unicast-routing r1(config)#ipv6 cefr1(config)#int f0/1r1(config-if)#ipv6 add fc01:db8:74:b:/64 eui-64 r1(config-if)#ipv6 os 60 a 1r1(config-if)#int s0/0.100 pr1(config-subif)#ipv6 add fc01:db8:74:a:/64 eui-64 r1(config-subif)#ipv6 os 60 a 1r1(config-subif)#
17、ipv6 router os 60sw1(config)#sdm prefer dual-ipv4-and-ipv6 routingsw1(config)#ipv6 unsw1(config)#int vl 11sw1(config-if)#ipv6 add fc01:db8:74:b:/64 euisw1(config-if)#ipv6 os 60 a 1sw1(config-if)#ipv6 router os 60bgp R3:router bgp 601no syno aubgp con id 60bgp con peers 602nei 60.60.1.1 remote 601nei
18、 60.60.1.1 up l0nei 60.60.5.5 remote 601nei 60.60.5.5 up l0nei 60.60.10.10 remote 601nei 60.60.10.10 up l0R5:router bgp 601no syno aubgp con id 60bgp con peers 602nei 60.60.1.1 remote 601nei 60.60.1.1 up l0nei 60.60.3.3 remote 601nei 60.60.3.3 up l0nei 60.60.10.10 remote 601nei 60.60.10.10 up l0nei
19、150.1.60.254 remote 254r5(config-router)#nei 150.1.60.254 route-map loc inr5(config-router)#acc 50 per 197.68.16.0 0.0.15.255r5(config)#route-map loc per 10r5(config-route-map)#ma ip add 50r5(config-route-map)#set local-preference 150R1:router bgp 601no syno aubgp con id 60bgp con peers 602nei 60.60
20、.2.2 remote 602nei 60.60.2.2 ebnei 60.60.2.2 up l0nei 60.60.3.3 remote 601nei 60.60.3.3 up l0nei 60.60.5.5 remote 601nei 60.60.5.5 up l0nei 60.60.10.10 remote 601nei 60.60.10.10 up l0SW4:router bgp 601No syno aubgp con id 60bgp con peer 602nei 60.60.1.1 remote 601 nei 60.60.1.1 up l0nei 60.60.2.2 re
21、mote 602nei 60.60.2.2 ebnei 60.60.2.2 up l0nei 60.60.3.3 remote 601 nei 60.60.3.3 up l0nei 60.60.5.5 remote 601 nei 60.60.5.5 up l0R2:router bgp 602no syno aubgp con id 60bgp con peer 601nei 60.60.1.1 remote 601nei 60.60.1.1 ebnei 60.60.1.1 up l0nei 60.60.8.8 remote 602nei 60.60.8.8 up l0nei 60.60.1
22、0.10 remote 601nei 60.60.10.10 ebnei 60.60.10.10 up l0sw2:router bgp 602no syno aubgp con id 60bgp con peer 601nei 60.60.2.2 remote 602nei 150.2.60.254 remote 254IP Multicast3.1 Implement PIM spares Mode for IPv6 Multicast (3 points)Enable PIM sparse mode (PIM-SM) on the LAN between R4-F0/1 and R2-G
23、i0/1, and on the WAN between R2-S0/0/0 and R1-S0/0/0, using these criteria: Configure R4-F0/1 to be the rendezvous point(RP) for the FF08:4000:4000Multicast group. No other groups should be permitted.翻译:3.1实施PIM 稀疏模式对于IPV6的组播启用稀疏模式在R4的F0/1和R2的G0/1之间,并且在R2的S0/0和R1的S0/0之间,使用这些标准:1)配置R4的F0/1成为汇聚点对于FF08
24、:4000:4000组播组。2)没有其他组被允许。3.1 IP组播r2(config)#ipv6 multicast-routingr2(config)#ipv6 pim rp-address R4的F0/1地址r4(config)#ipv6 multicast-routingr4(config)#ipv6 pim rp- R4的F0/1地址检查:r2#sh ipv6 pim neighbor PIM Neighbor TableMode: B - Bidir Capable, G - GenID CapableNeighbor Address Interface Uptime Expires
25、 Mode DR priFE80:207:85FF:FEA1:E001 Serial2/0.200 00:05:16 00:01:28 B G 1FE80:202:16FF:FE75:1C01 Ethernet3/0.24 00:06:01 00:01:40 B G 13.2 Multicast Joins (3 points) Configure R1-S0/0/0.z as an IPv6 receiver for the multicast group FF08:4000:4000 R4 should be able to ping the multicast group FF08:40
26、00:4000翻译:组播加入1) 配置R1的s0/0.z作为一个ipv6接收者对于组ff08:4000:4000.2) R4应该能ping通这组地址。3.2 组播R1:ipv6 multicast-routingInt s0/0.100 pointipv6 mld join-group ff08:4000:4000 R4的F0/1接口地址(RP地址)检查:R1#sh ipv6 mld groups MLD Connected Group MembershipGroup Address Interface Uptime ExpiresFF08:4000:4000 Serial0/0.100 00
27、:01:47 never R1#sh ipv6 pim neigh Neighbor Address Interface Uptime Expires DR pri BidirFE80:2E0:1EFF:FE81:8DC1 Serial0/0.100 02:45:24 00:01:29 1 (DR) BR1#Section IV. Advanced Services (21 points)4.1 Secure HTTP Access (3 points) Enable secure HTTP access for R5(在R5上启用HTTPS) Enable authentication us
28、ing the list HTTP , which utilizes local user authentication . (使用HTTP列表启用认证,利用本地用户认证) Configure two different users for access to R5, the user cisco(passwordcisco),who only has privilege 1 access to R5, and the user ADMIN(passwordCISCO),who has privilege 15 access to R5(配置两个不同的用户对于接入R5,用户cisco,密码ci
29、sco,具有级别1,然后用户admin,密码cisco,具有级别15。) Do not modify console and vty lines login and password configuration(不要修改console和 vty线路的登录和密码配置) Do not enable service password encryption. (不要启用全局加密)4.1 安全的HTTP访问r5(config)#aaa new-model r5(config)#aaa authentication login http localr5(config)#user cisco passwor
30、d ciscor5(config)#user ADMIN privilege 15 pas CISCOr5(config)#ip http serr5(config)#ip http authentication aaa login-authentication httpr5(config)#ip http secure-server 4.2 Secure the WAN PPP Links (3 points)Enable Challenge Handshake Authentication Protocol(CHAP) on R5 for the link to R1 and R3, according to the following requirements On r5 ,Use an authentication, authorization, and accounting(AAA) list named R1 and R3 for R1 and R3, respectively At r5,Authentication for R1 should first try the Radius Serve
copyright@ 2008-2022 冰豆网网站版权所有
经营许可证编号:鄂ICP备2022015515号-1