注意:所有ospf都要在接口下宣告
1:二层链路vlan划分
SW3-4: e0/0 vlan156
SW3: e0/1 vlan 153
SW4: e0/1 vlan 164
SW5-6: e0/1 vlan100
SW5:e0/0 vlan 173
SW6:e0/0 vlan 184
valn 999 shut
SW1-2: e0/2-3,e1/0-3,e2/0-3,e3/0-3
SW3-4: e0/2-3,e1/2-3,e2/2-3,e3/0-3
SW5-6: e0/2-3,e1/2-3,e2/0-3,e3/0-3
2:spanning-tree mst
SW3-6:
sp mo mst
sp mst conf
name cisco
revision 1
instan 1 vlan 1,34,100-101,153,156
instan 2 vlan 164,173,184,911,999
SW3:
sp mst 1 pri 4096
sp mst 2 pri 0
SW4:
sp mst 1 pri 0
sp mst 2 pri 4096
int e0/2
sp mst 1 port-pri 192
3:配置链路聚合
SW3-6:
int r e1/0-1
sw mo tr
sw tr en dot
SW3: channel-group 35 mode auto
port-channel load src-dsr-ip
SW4: channel-group 46 mode auto
port-channel load src-dst-ip
SW5: channel-group 35 mo desirable
port-channel load src-mac
SW6:channel-group 46 mode desirable
port-channle load src-mac
4:R19-21 pppoe
int e0/0
pppoe enable
pppoe-client dial-pool 1
int di 1
ip add nego
en ppp
ppp chap host Jamesons-R19
ppp chap pass CCIE
dialer pool 1
ppp ipcp route default(前提不使用默认)
5:R1-8 ospf为考场预配,不需选DR,BDR
6:SW1,R11,R12接口宣告ospf,不需要设置优先级,下放默认加always
7:SW2,R13,R14接口宣告ospf,不需要设置优先级,下放默认加always
8:SW3,SW4在vlan接口宣告,passive100,101,911,网络类型改为点到点,R15-16也改为点到点,并且重分布bgp进去
9: R17,19-21 vrf 考场预配
ip vrf Corp
rd 65002:17,19-21
int l0,tu0,e0/1
ip vrf f Corp
R17:(7)
ip route vrf Corp 0.0.0.0 0.0.0.0 192.0.2.1 global
router ospf 1 vrf Corp(注意这里)
router-id xxx
capability vrf-lite (新加入的)
default-information originate (下放默认没有always)
area 0 10.2.0.0 255.255.0.0(igp汇总区别于lab2)
接口宣告进ospf
将area0 的接口改为点到点
int tunnel0(9)
ip nhrp auth cisco
ip nhrp net 1234
ip nhrp map multicast dynamic
ip nhrp redirect
ip os net point-to-m
tunnel sou e0/0
tunnel mo gre multi
tunnel key 4321
ip os 1 a 51 (容易忘)
R19-21
router os 1 vrf Corp
router-id xxx
capacity vrf-lite
接口下宣告ospf
int tunnel 0(10)
ip nhrp auth cisco
ip nhrp net 1234
ip nhrp map multicast 192.0.2.2
ip nhrp map 10.0.100.1 192.0.2.2
ip nhrp short
ip nhrp nhs 10.0.100.1
ip os net point-to-m
tunnel sou di 1
tunnel key 4321
tunnel mode gre mul
10:R50-54
正常配置命名的EIGRP,没有route-map匹配外部路由
有预配,可以升级,也可以先删除重新配置
在network级别加上metric rib-scale 153
R52:
route-map lo52 per 10
match int l52
topo base
redistribute connect route-map lo52
11: R55,56,58在考场都有预配记得检查一遍,都是双向重分布
12:BGP R11-12
汇总 10.1.0.0 255.255.0.0 summary-only
重分布ospf进去
allows-in
13:BGP R13-14
汇总 10.3.0.0 255.255.0.0 summary-only
重分布ospf进去
allows-in
15:BGP R15-16
汇总 10.0.0.0 255.255.0.0 summary-only(注意这里是10.0.0.0)
重分布ospf进去,指定metric =2(R18走后门,因为默认metric=1)
allows-in
指邻居下放默认
16:R1的BGP
no bgp default ipv4
创建RR将R3-8全部放入
add ipv4
指定反射
全部激活
R3-8的BGP
nei 10.255.1.1
no bgp default ipv4
add ipv4
nei 10.255.1.1 act
nei 10.255.1.1 next-hop-s
17:R9-10(没有route-map打标记)
双向重分布
EIGRP指定metric rib 153
18:R18,R57双向重分布
R18:
ip prefix 10 per 10.0.0.0/8
ip prefix 10 per 10.2.100.0/24
route-map UNSUP per 10
match ip add prefix 10
router os 1
redistribute bgp 65002 sub
router bgp 65002
redistribute ospf 1
nei R57 unsuppress-map UNSUP
汇总 10.0.0.0 255.0.0.0 summary
R57:
ip prefix 10 per 172.0.0.0
ip prefix 10 per 172.18.1.0
route-map UNSUP per 10
match ip prefix 10
router ei JACOBS
router-id xxx1
redis bgp 65005 metric 1 1 1 1 1
router bgp 65005
router-id xxx
redis ei 10
nei R18 unsuppress UNSUP
汇总172.0.0.0 255.0.0.0 summary
19:R55,R56双向重分布
ip prefix EIGRP seq 5 per 172.0.0.0/9 le 32
route-map EIGRP per 10
match ip add prefix EIGRP
router bgp 65005
redis eigrp 10 route-map EIGRP
router ei 10
redis bgp 65005 met 1000 1 1 1 1
20: ospfv3
SW3-4:
ipv6 unic
int r l0,vlan34,vlan100,vlan153(164)
router ospfv3 1
router-id xxx
ospfv3 1 ipv6 area 0
add ipv6 uni
pass vlan 100
int vlan 100
ipv6 nd int 10
ipv6 nd ra router-preference med(high)
R15-16
ipv6 unicast
router ospfv3 1
router-id xxx
int r l0,e0/0,e0/2
ospfv3 1 ipv6 area 0
21.standby(5)
SW3:
int vlan 100
stand 34 ipv6 FE80: 100::1
stand 34 pree
stand 34 pri 254
stand 34 time 5 15
stand 34 ver 2
SW4:
int vlan 100
stand 34 ipv6 FE80: 100::1
stand 34 pree
stand 34 pri 255
stand 34 time 5 15
stand 34 ver 2
22:组播
R17:
ip multi vrf Corp
ip pim vrf Corp autorp listener
ip pim vrf Corp send-rp-announce l0 scope 10
ip pim vrf Corp send-rp-discover l0 scope 10
int r e0/1,l0,t0
ip pim sparse
int t0
ip pim nbma
ip pim dr-priority 10
R19-21
ip mul vrf Corp
ip pim vrf Corp autorp listener
ip pim vrf Corp spt-threshold infinite
int t0
ip pim dr-pri 0
R20-21
int e0/1
ip igmp join 239.1.1.1
23: R17,R19-21 ipsec
router os 1 vrf Corp
router-id xxx
crypto isakmp enable
crypto isakmp policy 10
en aes
auth pre
group 2
crypto isakmp key CCIE address 0.0.0.0
crypto ipsec transform-set CCIEXFORM esp-aes
mode trans
crypto ipsec profile DMVPNPROFILE
set trans CCIEXFORM
int t0
tunnel protect ipsec profile DMVPNPROFILE
24:R1-8 mpls
25: R1的vpnv4配置进配置激活和反射
26:R3-R4的PE配置DC
route-map soo per 10
set extcommunity soo 65002:200
ip vrf DC
rd 65002:115
rd 65002:116
route-target export 65002:123
route-target import 65002:999
int e0/1
ip vrf f DC
router bgp 65001
add ipv4 vrf DC
nei xxx remote
nei xxx act
nei xxx route-map soo in
R5-6:Corp
route-map soo per 10
set extcommunity soo 65002:300
ip vrf Corp
rd 65002:113
rd 65002:114
route-target export 65002:100
route-target export 65002:999
route-target import 65002:100
route-target import 65002:123
int e0/2
ip vrf f Corp
router bgp 65002
add ipv4 vrf Corp
nei xxx remote
nei xxx act
nei xxx route-map soo in
R7-8:Corp
route-map soo per 10
set extcommunity soo 65002:100
ip vrf Corp
rd 65002:111
rd 65002:112
route-target export 65002:100
route-target export 65002:999
route-target import 65002:100
route-target import 65002:123
int e0/0 (区别于上述e0/2)
ip vrf f Corp
router bgp 65002
add ipv4 vrf Corp
nei xxx remote
nei xxx act
nei xxx route-map soo in
27:R9-10,R50-54 MPLS
28:R1与R 50-52建立ipv4和vpnv4邻居,仅激活
ip vrf JacobsCorp
rd 65002:255(256,258)
route-target export 65002:200
route-target export 65002:999
route-target import 65002:200
route-target import 65002:123
int e0/1
ip vrf f JacobsCorp
no router bgp 65006
router bgp 65001
add ipv4 vrf JacobsCorp
nei xxx remote
nei xxx loacl 65006 no-p replace
R1:
router bgp 65001
将R50-52加入RR, 在ipv4和vpnv4下激活
29.TTL
ip access-list extend TRUSTED
per tcp host 192.0.2.1 any eq bgp ttl eq 1
per tcp host 192.0.2.1 eq bgp any ttl eq 1
per ospf any any
per pim any any
class-map match-all COPP-CM-EBGP
match access name TRUSTED
ip access-list extend TTL-0-1
per ip any any ttl eq 0
per ip any any ttl eq 1
class-map match-all COPP-CM-TTL-0-1
match access name TTL-0-1
policy-map COPP-PM
class COPP-CM-EBGP
class COPP-CM-TTL-0-1
drop
control-plane
service-policy input COPP-PM
30:DHCP
int vlan 100
ip helper-add 10.255.1.15
service dhcp
ip dhcp ex 10.2.100.1
ip dhcp ex 10.2.100.253
ip dhcp ex 10.2.100.254
ip dhcp pool VLAN100
host 10.2.100.100 255.255.255.0
client-ident 01+mac地址
default 10.2.100.1
R101是考场预配
int e0/0
mac-add xxxx
ip add dhcp client e0/0
ipv6 add xxxx
ipv6 en
ipv6 nd auto def
31:NAT
ip route vrf Corp 0.0.0.0 0.0.0.0 192.0.2.1 global(新加入的)
access 17 per 10.0.0.0 0.255.255.255
access 17 per 172.0.0.0 0.255.255.255
ip nat inside sou list 17 int e0/0 vrf Corp over
int e0/0
ip nat outside
int r e0/1,l0,t0
ip nat inside
32:ipv4 standby
int vlan 100
st v 2
st 43 ip 10.2.100.1
st 43 time 5 15
st 43 pri 109
st 43 pree
st 43 track 1 dec 10
track 1 ip rou 0.0.0.0 0.0.0.0 reach
33.trust
SW5-6:
ip dhcp snoop
ip dhcp snoop vlan 100
ip dhcp snoop verif mac
int port35(46)
ip dhcp snoop trust
SW3-4:
int vlan100
ip dhcp relay inform trust
扫一扫
1836
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
