LAB2步骤

最新推荐文章于 2023-02-19 20:53:49 发布

我的猫叫土豆

最新推荐文章于 2023-02-19 20:53:49 发布

阅读量2.5k

点赞数 3

分类专栏：网络文章标签： CCIE LAB

本文链接：https://blog.csdn.net/ambzheng/article/details/89105479

版权

网络专栏收录该内容

29 篇文章 1 订阅

订阅专栏

lab2实验步骤整理

1.二层链路划vlan

SW3-4：
e0/0：vlan156
e0/1：SW3: vlan153
e0/1：SW4: vlan164

SW5-6:
e0/1: vlan100
e0/0: vlan173
e0/0: vlan184

SW1-2：
e0/2-3：vlan999
e1/0-3：vlan999
e2/0-3：vlan999
e3/0-3：vlan999

SW3-4:
e0/2-3：vlan999
e1/2-3：vlan999
e2/2-3：van999
e3/0-3：vlan999

SW5-6：
e0/2-3：vlan999
e1/2-3：vlan999
e2/0-3：vlan999
e3/0-3：vlan999

2.SW3-6配置trunk链路

SW3-4:
int r e2/0-1：
sw mo tr
sw tr en dot
channel-group 34 mo act

int r e1/0-1
sw mo tr
sw tr en dot
channel-group 35(36) mo act

SW5-6
int r e1/0-1
sw mo tr
sw tr en dot
channel-group 35(46) mo pass

3.SW3-6端口安全**
sp mo rapid
sw portfast edge default
sw portfast edge bpduguard def
(所有trunk接口下)sw nonegotia

4.SW3-4优先级
SW3: sp vlan1-1005 pri 0
SW4: sp vlan1-1005 pri 4096

5.SW3-6负载
SW3: port-channel load-balance src-dst-ip
SW4: port-channel load-balance src-dst-ip
SW5: port-channel load-balance src-mac
SW6: port-channel load-balance src-mac

6.R19-21(2,5)

int e0/0 (记住这个接口0/0)
pppoe enable
pppoe-client dial-pool 1
int di1
ip add negotiation
en ppp
ppp chap host Jamesons-R19-21(注意这里只有首字母大写)
ppp chap pass CCIE
dialer pool 1
ip route 192.0.2.0 255.255.255.0 di 1 49.49.49.49(别忘了)

7.R1-8 ospf

这里建议R2最后配置,因为R2的接口角色必须全是BDR

先要在ospf进程下指定router-id
int r e0/0-3,e1/0,l0(此处记住几个接口地址即可)
ip o 1 a 0
int r e0/0-3,e1/0
ip os pri 255
（R1-2是按上述的方式，但是R2是254）

int e0/0,e0/2,l0
ip o 1 a 0
（R3-8是按下面的方式配置）

int e0/0,l0
ip o 1 a 0
(R9-10 只需要宣告一个接口)

8.SW1,R11,R12

SW1：所有接口network宣告进ospf，vlan100-101指定优先级255
R11-12：network后，直接下放默认default-information originate always

9.SW2,R13,R14同理

10.SW3 ,SW4全部宣告，passive掉vlan100，101，911，R15，16，17正常宣告

注意R17直接下放默认(没有always)
R15-16将bgp 重分布进ospf
将tunnel口宣告进area 51
配置area 51的stub区

11.R17，R19-21 NHRP
int tunnel 0
ip nhrp auth cisco
ip nhrp net 1234
ip nhrp map multica dyna
ip nhrp redirect
ip ospf net point-to-mul
ip os hello 10
tunnel source e0/0
tunnel mode gre multipoint
tunnel key 4321

（R19-21直接将ospf的stub也宣告）
int tunnel 0
ip nhrp auth cisco
ip nhrp net 1234
ip nhrp short
ip nhrp map 10.0.100.1 192.0.2.2
ip nhrp map multi 192.0.2.2
ip nhrp nhs 10.0.100.1
tunnel mo gre multi
tunnel sou dial 1
tunnel key 4321

12.R50-54
route-map EX172 permit 10
match route-type external
set tag 172.172.172.172
route-map EX172 permit 20

route-tag notation dot

route-map 52 per 10
match int l52
set tag 172.172.172.172
(注意看这里没有放过其他)

router eigrp JACOBS
add ipv4 un a 1（这条之后可以network）
topo base
distribute-list route-map EX172 in
(仅针对R52) redistribute connect route-map 52 (重分布此处没有in)

13.R55,R56,R58
考场有预配，都是bgp和eigrp双向重分布

14.BGP:R11-12

汇聚10.1.0.0 only
重分布ospf

15.BGP:R13-14

汇聚10.3.0.0 only
重分布ospf

16.BGP:R15-16

汇聚10.2.0.0 only
重分布ospf
指定邻居下放默认nei 13.1.1.1 default-originate

17，R1

指定router-id
no bgp default ipv4
创建RR,指定remote-id，和源接口，nei RR peer-group
单独指定R6和R8
add ipv4
R3-8全部激活
RR 指定routr-reflector-client
R6 指定routr-reflector-client
R8 指定routr-reflector-client

R3-8
no bgp default ipv4
nei 10.255.1.1 remote 65001
nei 10.255.1.1 up
add ipv4
nei 10.255.1.1 act
nei 10/255.1.1 next-hop-s

18.R18,R57

将bgp重分布进igp，在R18时要指定metric-type 1
在BGP里需要汇总10.0.0.0和172.0.0.0.0不加only
network 10.2.1.0 和172.18.1.0 255.255.255.0
R9-10
创建eigrp并network
双向重分布，在分布进ospf时指定tag 100
只有在ospf里才需要写route-map防环并调用
route-map TAG100 deny 10
match tag 100
route-map TAG100 per 20

19. SW3,SW4,R15,R16 ospfv3
ipv6 unicast
router ospfv3 1
router-id XXXX
int r l0,vlan34,vlan100,vlan153(164)
ospfv3 1 ipv6 area 0
int vlan100
ipv6 nd router-preference high(medium)
ipv6 nd ra interval 20

R15-16
int r e0/0,e0/2,l0
ospfv3 1 ipv6 area 0

20.SW 3-4 standby（5，4）
int vlan100
standby 34 ver 2
stand by 34 preempt
standby 34 pri 110(sw4没有这个)
standby 34 ipv6 FE80: 100::1
standby 34 timer 1 3

21.R17，R19-21组播
ip multicast
int r e0/1,l0,tunnel0
ip pim sparse
(以上是相同的)

R17：
ip pim rp-candidate l0
ip pim bsr-candidate l0 0 192

R19-21
int e0/1
ip igmp join-group 239.1.1.1

22.R17,R19-R21(10,1)
int e0/1
crypto isakpm enable
crypto isakmp policy 10
en aes
group 2
auth pre
crypto isakmp key CCIE address 0.0.0.0
crypto ipsec transform-set CCIEXFORM esp-aes
mode trans
crypto ipsec profile DMVPNPROFILE
set transform-set CCIEXFORM
int tunnel0
tunnel protection ipsec profile DMVPNPROFILE

23.R1-8 mpls
mpls label protocol ldp
mpls ldp router-id l0 force
router os 1
mpls ldp autoconfig(可能会有预配show mpls int)

24.R1-8 vpnv4
router bgp 65001
add vpnv4
R3-8激活
nei RR route-reflector-client
bgp addit back select
nei 10.255.1.6 route-reflector-client
nei 10.255.1.6 adver diver back
nei 10.255.1.8 route-reflector-client
nei 10.255.1.8 adver diver back

R3-8
router bgp 65001
add vpnv4
nei 10.255.1.1 act

25.R3-R4 GREEN
ip vrf GREEN
rd 65002:2
route-target export 65002:2
route-target import 65002:1
route-target import 65002:3
route-target import 65005:18
route-target import 65007:17
int e0/1
do sh run int e0/1
ip vrf f GREEN
router bgp 65001
add ipv4 vrf GREEN
nei 直连 remote 65002
nei 直连 act
nei 直连 as-over

26.R5-6 GREEN
ip vrf GREEN
rd 65002:3
route-target export 65002:3
route-target import 65002:2
int e0/1
do sh run int e0/1
ip vrf f GREEN
router bgp 65001
add ipv4 vrf GREEN
nei 直连 remote 65002
nei 直连 act
nei 直连 as-over

27.R7-8 RED
ip vrf RED
rd 65002:1
route-target export 65002:1
route-target import 65002:2
route-target import 65005:18
route-target import 65007:17
int e0/0(注意red时改变)
do sh run int e0/0
ip vrf f RED
router bgp 65001
add ipv4 vrf RED
nei 直连 remote 65002
nei 直连 act
nei 直连 as-over

28.EIGRP 的mpls
R50-54,R9,R10
mpls label protocol ldp
mpls ldp router-id l0 for
int e0/0
mpls ip
R9-10,R53-54
int r e0/0-1
mpls ip

29.R1与R50-52建立邻居关系
router bgp 65001
nei 172.30.1.50 remote 65001
nei 172.30.1.51 remote 65001
nei 172.30.1.52 remote 65001
add vpnv4
nei 172.30.1.50 act
nei 172.30.1.51 act
nei 172.30.1.52 act
nei 172.30.1.51 weight 10

R50
ip vrf GREEN
rd 65005:18
route-target ex 65005:18
route-target im 65002:1
route-target im 65002:2
route-target im 65007:17

int e0/1
do sh run int e0/1
ip vrf f GREEN

no router bgp 65006
router bgp 65001
router-id 173/30.1.50
nei 10.255.1.1 remote 65001
nei 10.255.1.1 up l0
add vpnv4
nei 10.255.1.1 act

add ipv4 vrf GREEN
nei 直连 remote 65005
nei 直连 local 65006
nei 直连 act

此处注意R57的是BLUE

30.TTL
ip access extend TTL_ACL
deny ospf any any
deny pim any any
deny tcp host 192.0.2.1 eq bgp any ttl eq 1
deny tcp host 192.0.2.1 any eq bgp ttl eq 1
permit ip any any ttl eq 0
permit ip any any ttl eq 1

class-map match-all TTL_MAP
match access-group name TTL_ACL

policy-map TTL_COPP
class TTL_MAP
drop

control-plane
service-policy input TTL_COPP

31.DHCP
SW3-4
int vlan100
ip helper-add 10.255.1.15

R15
service dhcp
ip dhcp exclude-add 10…2.1.1
ip dhcp exclude-add 10.2.1.253 10.2.1.254
ip dhcp pool VLAN100
netw 10.2.1.0 /24
default-router 10.2.1.1

32.NAT
access-list 17 permit 10.0.0.0 0.255.255.255
access-list 17 permit 172.0.0.0 0.255.255.255
ip nat inside source list 17 int e0/0 overload
int r e0.1,l0,t0
ip nat in
int e0/0
ip nat out

33.ipv4 atsndby
int vlan 100
stand 43 ipv4 10.2.1.1
stand 43 preem
stand 43 pri 109
stand 43 track 1 dec 10
stand 43 time 1 3
track 1 ip route 0.0.0.0 0.0.0.0 reach

34 trust
SW5-6
ip dhcp snoop
ip dhcp snoop vlan 100
ip dhcp snoop verify mac-add
int p 35(46)
ip dhcp snoop trust

SW3-4
int vlan 100
ip dhcp relay information trust

***********************END *********************************