lab2实验步骤整理
1.二层链路划vlan
SW3-4:
e0/0:vlan156
e0/1:SW3: vlan153
e0/1:SW4: vlan164
SW5-6:
e0/1: vlan100
e0/0: vlan173
e0/0: vlan184
SW1-2:
e0/2-3:vlan999
e1/0-3:vlan999
e2/0-3:vlan999
e3/0-3:vlan999
SW3-4:
e0/2-3:vlan999
e1/2-3:vlan999
e2/2-3:van999
e3/0-3:vlan999
SW5-6:
e0/2-3:vlan999
e1/2-3:vlan999
e2/0-3:vlan999
e3/0-3:vlan999
2.SW3-6配置trunk链路
SW3-4:
int r e2/0-1:
sw mo tr
sw tr en dot
channel-group 34 mo act
int r e1/0-1
sw mo tr
sw tr en dot
channel-group 35(36) mo act
SW5-6
int r e1/0-1
sw mo tr
sw tr en dot
channel-group 35(46) mo pass
3.SW3-6端口安全**
sp mo rapid
sw portfast edge default
sw portfast edge bpduguard def
(所有trunk接口下)sw nonegotia
4.SW3-4优先级
SW3: sp vlan1-1005 pri 0
SW4: sp vlan1-1005 pri 4096
5.SW3-6负载
SW3: port-channel load-balance src-dst-ip
SW4: port-channel load-balance src-dst-ip
SW5: port-channel load-balance src-mac
SW6: port-channel load-balance src-mac
6.R19-21(2,5)
- int e0/0 (记住这个接口0/0)
- pppoe enable
- pppoe-client dial-pool 1
- int di1
- ip add negotiation
- en ppp
- ppp chap host Jamesons-R19-21(注意这里只有首字母大写)
- ppp chap pass CCIE
- dialer pool 1
- ip route 192.0.2.0 255.255.255.0 di 1 49.49.49.49(别忘了)
7.R1-8 ospf
这里建议R2最后配置,因为R2的接口角色必须全是BDR
先要在ospf进程下指定router-id
int r e0/0-3,e1/0,l0(此处记住几个接口地址即可)
ip o 1 a 0
int r e0/0-3,e1/0
ip os pri 255
(R1-2是按上述的方式,但是R2是254)
int e0/0,e0/2,l0
ip o 1 a 0
(R3-8是按下面的方式配置)
int e0/0,l0
ip o 1 a 0
(R9-10 只需要宣告一个接口)
8.SW1,R11,R12
- SW1:所有接口network宣告进ospf,vlan100-101指定优先级255
- R11-12:network后,直接下放默认default-information originate always
9.SW2,R13,R14同理
10.SW3 ,SW4全部宣告,passive掉vlan100,101,911,R15,16,17正常宣告
- 注意R17直接下放默认(没有always)
- R15-16将bgp 重分布进ospf
- 将tunnel口宣告进area 51
- 配置area 51的stub区
11.R17,R19-21 NHRP
int tunnel 0
ip nhrp auth cisco
ip nhrp net 1234
ip nhrp map multica dyna
ip nhrp redirect
ip ospf net point-to-mul
ip os hello 10
tunnel source e0/0
tunnel mode gre multipoint
tunnel key 4321
(R19-21直接将ospf的stub也宣告)
int tunnel 0
ip nhrp auth cisco
ip nhrp net 1234
ip nhrp short
ip nhrp map 10.0.100.1 192.0.2.2
ip nhrp map multi 192.0.2.2
ip nhrp nhs 10.0.100.1
tunnel mo gre multi
tunnel sou dial 1
tunnel key 4321
12.R50-54
route-map EX172 permit 10
match route-type external
set tag 172.172.172.172
route-map EX172 permit 20
route-tag notation dot
route-map 52 per 10
match int l52
set tag 172.172.172.172
(注意看这里没有放过其他)
router eigrp JACOBS
add ipv4 un a 1(这条之后可以network)
topo base
distribute-list route-map EX172 in
(仅针对R52) redistribute connect route-map 52 (重分布此处没有in)
13.R55,R56,R58
考场有预配,都是bgp和eigrp双向重分布
14.BGP:R11-12
- 汇聚10.1.0.0 only
- 重分布ospf
15.BGP:R13-14
- 汇聚10.3.0.0 only
- 重分布ospf
16.BGP:R15-16
- 汇聚10.2.0.0 only
- 重分布ospf
- 指定邻居下放默认nei 13.1.1.1 default-originate
17,R1
- 指定router-id
- no bgp default ipv4
- 创建RR,指定remote-id,和源接口,nei RR peer-group
- 单独指定R6和R8
- add ipv4
R3-8全部激活
RR 指定routr-reflector-client
R6 指定routr-reflector-client
R8 指定routr-reflector-client
R3-8
no bgp default ipv4
nei 10.255.1.1 remote 65001
nei 10.255.1.1 up
add ipv4
nei 10.255.1.1 act
nei 10/255.1.1 next-hop-s
18.R18,R57
-
将bgp重分布进igp,在R18时要指定metric-type 1
-
在BGP里需要汇总10.0.0.0和172.0.0.0.0不加only
-
network 10.2.1.0 和172.18.1.0 255.255.255.0
-
R9-10
-
创建eigrp并network
-
双向重分布,在分布进ospf时指定tag 100
-
只有在ospf里才需要写route-map防环并调用
route-map TAG100 deny 10
match tag 100
route-map TAG100 per 20
19. SW3,SW4,R15,R16 ospfv3
ipv6 unicast
router ospfv3 1
router-id XXXX
int r l0,vlan34,vlan100,vlan153(164)
ospfv3 1 ipv6 area 0
int vlan100
ipv6 nd router-preference high(medium)
ipv6 nd ra interval 20
R15-16
int r e0/0,e0/2,l0
ospfv3 1 ipv6 area 0
20.SW 3-4 standby(5,4)
int vlan100
standby 34 ver 2
stand by 34 preempt
standby 34 pri 110(sw4没有这个)
standby 34 ipv6 FE80: 100::1
standby 34 timer 1 3
21.R17,R19-21组播
ip multicast
int r e0/1,l0,tunnel0
ip pim sparse
(以上是相同的)
R17:
ip pim rp-candidate l0
ip pim bsr-candidate l0 0 192
R19-21
int e0/1
ip igmp join-group 239.1.1.1
22.R17,R19-R21(10,1)
int e0/1
crypto isakpm enable
crypto isakmp policy 10
en aes
group 2
auth pre
crypto isakmp key CCIE address 0.0.0.0
crypto ipsec transform-set CCIEXFORM esp-aes
mode trans
crypto ipsec profile DMVPNPROFILE
set transform-set CCIEXFORM
int tunnel0
tunnel protection ipsec profile DMVPNPROFILE
23.R1-8 mpls
mpls label protocol ldp
mpls ldp router-id l0 force
router os 1
mpls ldp autoconfig(可能会有预配show mpls int)
24.R1-8 vpnv4
router bgp 65001
add vpnv4
R3-8激活
nei RR route-reflector-client
bgp addit back select
nei 10.255.1.6 route-reflector-client
nei 10.255.1.6 adver diver back
nei 10.255.1.8 route-reflector-client
nei 10.255.1.8 adver diver back
R3-8
router bgp 65001
add vpnv4
nei 10.255.1.1 act
25.R3-R4 GREEN
ip vrf GREEN
rd 65002:2
route-target export 65002:2
route-target import 65002:1
route-target import 65002:3
route-target import 65005:18
route-target import 65007:17
int e0/1
do sh run int e0/1
ip vrf f GREEN
router bgp 65001
add ipv4 vrf GREEN
nei 直连 remote 65002
nei 直连 act
nei 直连 as-over
26.R5-6 GREEN
ip vrf GREEN
rd 65002:3
route-target export 65002:3
route-target import 65002:2
int e0/1
do sh run int e0/1
ip vrf f GREEN
router bgp 65001
add ipv4 vrf GREEN
nei 直连 remote 65002
nei 直连 act
nei 直连 as-over
27.R7-8 RED
ip vrf RED
rd 65002:1
route-target export 65002:1
route-target import 65002:2
route-target import 65005:18
route-target import 65007:17
int e0/0(注意red时改变)
do sh run int e0/0
ip vrf f RED
router bgp 65001
add ipv4 vrf RED
nei 直连 remote 65002
nei 直连 act
nei 直连 as-over
28.EIGRP 的mpls
R50-54,R9,R10
mpls label protocol ldp
mpls ldp router-id l0 for
int e0/0
mpls ip
R9-10,R53-54
int r e0/0-1
mpls ip
29.R1与R50-52建立邻居关系
router bgp 65001
nei 172.30.1.50 remote 65001
nei 172.30.1.51 remote 65001
nei 172.30.1.52 remote 65001
add vpnv4
nei 172.30.1.50 act
nei 172.30.1.51 act
nei 172.30.1.52 act
nei 172.30.1.51 weight 10
R50
ip vrf GREEN
rd 65005:18
route-target ex 65005:18
route-target im 65002:1
route-target im 65002:2
route-target im 65007:17
int e0/1
do sh run int e0/1
ip vrf f GREEN
no router bgp 65006
router bgp 65001
router-id 173/30.1.50
nei 10.255.1.1 remote 65001
nei 10.255.1.1 up l0
add vpnv4
nei 10.255.1.1 act
add ipv4 vrf GREEN
nei 直连 remote 65005
nei 直连 local 65006
nei 直连 act
此处注意R57的是BLUE
30.TTL
ip access extend TTL_ACL
deny ospf any any
deny pim any any
deny tcp host 192.0.2.1 eq bgp any ttl eq 1
deny tcp host 192.0.2.1 any eq bgp ttl eq 1
permit ip any any ttl eq 0
permit ip any any ttl eq 1
class-map match-all TTL_MAP
match access-group name TTL_ACL
policy-map TTL_COPP
class TTL_MAP
drop
control-plane
service-policy input TTL_COPP
31.DHCP
SW3-4
int vlan100
ip helper-add 10.255.1.15
R15
service dhcp
ip dhcp exclude-add 10…2.1.1
ip dhcp exclude-add 10.2.1.253 10.2.1.254
ip dhcp pool VLAN100
netw 10.2.1.0 /24
default-router 10.2.1.1
32.NAT
access-list 17 permit 10.0.0.0 0.255.255.255
access-list 17 permit 172.0.0.0 0.255.255.255
ip nat inside source list 17 int e0/0 overload
int r e0.1,l0,t0
ip nat in
int e0/0
ip nat out
33.ipv4 atsndby
int vlan 100
stand 43 ipv4 10.2.1.1
stand 43 preem
stand 43 pri 109
stand 43 track 1 dec 10
stand 43 time 1 3
track 1 ip route 0.0.0.0 0.0.0.0 reach
34 trust
SW5-6
ip dhcp snoop
ip dhcp snoop vlan 100
ip dhcp snoop verify mac-add
int p 35(46)
ip dhcp snoop trust
SW3-4
int vlan 100
ip dhcp relay information trust
***********************END *********************************