k1(解法02-2-15修改).doc

Section1 layer 2 Technologies Errors in the initial config SW1 vtp domain name is ccieroutingandswitchingyy and the others are ccieroutingandswitching. Solution :change SW1 vtp domain name to ccieroutingandswitching A:SW1 VTP password is cisc0 and the others are cisco. Solution :change SW1 vtp password to cisco B: On SW2 fastethernet0/10 config “switchport backup f0/4”, this command will cause interface fasterthernet 0/4 down. 初始TR可能还会有VTP password cisco 错误。Solution :remove it 1.2 implement the access-switch ports of switched network (already implemented) vlan port assignments are per the following table VLAN ID VLAN NAME Router port2 VLAN_BB2 SW2 F0/10 3 VLAN_BB3 R3 G0/0;SW3 f0/10 11 VLAN_A R1 G0/1 13 VLAN_B R3 G0/1 15 VLAN_BB1R5 FA0/0;SW1 f0/10 22 VLAN_C 24 VLAN_H R4 F0/1 44 VLAN_F R4 FA0/0 45 VLAN_G R5 FA0/1Configure all of the appropriate nontrunking access switch ports on sw1,sw2 and sw3, according to the following requirements ;Configure the VLANS for the access switch ports show as the vlan tables Include the ports to BB1,BB2 and BB3 Configure trunk between sw2 f0/2 and R2 G0/1 Make sure that the spanning tree enters the forwarding state immediately Only for these access switch ports , by passing the listening and learning states Avoid transmitting bridge protocol date units(BPDUS)on these access switch ports, if a BPDU is received on any of these ports, the ports should transition back to the listening, learning and forward states ;Add any special layer 2 commands that are required that are required on the routers including trunk configurationSW1:vtp mode servervtp ver 2vtp domain ccieroutingandswitchingvtp password cisco SW2/SW3/SW4:Vtp mode clientvtp ver 2vtp domain ccieroutingandswitchingyyvtp password ciscoSW1/SW2/SW3/SW4Spanning-tree portfast defaultSpanning-tree portfast bpdufilter default1.3 Implement frame relay Use the following requirements to configure R1 and R2 for frame relay and R4 as the frame relay switch ;Use ANSI LMI on frame relay switch and auto-sessing on R1 and R2 Dont use any static frame relay maps or inverse address resolutions protocol ;Use RFC 1490/RFC2427(IETF)encapsulation Use the data-link connection identifier DLCI assignments from the table below Frame Relay DLCI assignments ROUTER DLCI assignments R1 frame-relay interface 100 R2 frame-relay interface 200R4(R4的预配置不允许更改)Frame-relay switchingInt s0/0/0En frame-relay ietfFrame-relay lmi-type ansiFrame-relay intf-type dceClock rate 64000Frame-relay route 100 int s0/1/0 200No shutInt s0/0/1En frame-relay ietfFrame-relay lmi-type ansiFrame-relay intf-type dceClock rate 64000Frame-relay route 200 int s0/0/0 100 No shut R1:Int s0/0/0En frame-relay ietfNo shutexitint s0/0/0.12 point-to-pointip add yy.yy.15.242 255.255.255.252frame-relay interface-dlci 100R2:Int s0/0/0En frame-relay ietfNo ShutExitInt s0/0/0.21 point-to-pointIp add yy.yy.15.241 255.255.255.252Frame-relay interface-dlci 2001.4 traffic control protection from the backones configure traffic control on the three backone links, protecting your network from a broadcast storm. This protection should begin once broadcast traffic is half(50%) avaible bandwith. the port should remain functioning during this timeSW1/SW2/SW3:Int f0/10Storm-control broadcast level 50.001.5 trunking manipulations configure the trunk ports between sw1, sw2, sw3 and sw4 according to the following requirements ;disable DTP on the six distribution ports for each switch ;set the list of allowed vlans that can receive and send traffic on theseinterfaces in tagged format, in particular , only allow VLAN 2. 3. 11. 13. 15. 22. 24. 44. 45SW1/SW2/SW3/SW4:Vlan dot1q tag nativeInt r f0/19 -24Sw noSw tr en dotSw mode trSw tr all vlan 2,3,11,13,15,22,24,44,45 具体看考场需要Spanning-tree portfast defaultSpanning-tree portfast bpdufilter default考场需求变化注意看：SW1 to be the root for all vlan and for any new vlan Spanning-tree vlan 1-4094 priority 0but the trick they stated that BB devices must not be in the path to the root bridge SW1:Int r f0/10Spanning-tree guard rootSw3:Int r f0/10Spanning-tree guard rootSw2Int r f0/10Spanning-tree guard rootSection II layer 3 technologiesaccess-list 1 permit 1.1.2.2access-list 1 permit 1.1.15.128access-list 1 permit 1.1.15.240access-list 11 permit 1.1.4.4access-list 11 permit 1.1.15.64after finishing each of the following questions, make sure that all configured interfaces and subnets are consistently visible on all pertinent routers and switches dont redistribute between any interior gateway protocol( IGP) and board gateway protocols BGP You need to ping a bgp route only if it is stated in a question, otherwise the route should be only in the bgp table At the end of section 2. all subnets in your topology, including the loopback interface expected for sw3, must be reachable via ping, Therefore redistribute as you wish unless directly stated in a question. The backone interface must be reachable only if they are part of the solution to a question The loopback interface can be seen as either /24 or /32 in the routing tables unless stated otherwise in a question The loopback interfaces can be added into your IGP either via redistribution or added to a routing process of your choice 2.1 Implement IPV4 OSPF Configure open shortest path first ( OSPF) Updates should be advertised only out of the interfaces that are indicated in the IGP topology diagram; Dont manually change the router ID Dont create additional ospf areas Configure ospf area 2 such that there are no TYPE5 Advertisements (LSA) in the area, R1 should generate a default route. Configure OSPF over frame relay between R1 and R2 choosing a network type that requires designate router(DR) and backup designate router(BDR) negotiations and has the fatest recover times ;sw2 : ip routing router ospf yy area 2 nssa net yy.yy.8.8 0.0.0.0 a 2 net yy.yy.15.130 0.0.0.0 a 2 r2 : router ospf yy area 2 nssa net yy.yy.15.129 0.0.0.0 a 2 net yy.yy.15.241 0.0.0.0 a 2 net yy.yy.2.2 0.0.0.0 a 2 int s0/0.21 ip ospf net broadcast ip ospf dead-interval minimal hello-multiplier 20 R1 router ospf yy area 2 nssa default-information-originate net yy.yy.1.1 0.0.0.0 a 0 net yy.yy.15.242 0.0.0.0 a 2 net yy.yy.15.161 0.0.0.0 a 0 int s0/0.12 ip ospf net broadcast ip ospf dead-interval minimal hello-multiplier 20 注意上考场看需求是否有fatest recover times sw1 ip routing router ospf yy net yy.yy.15.162 0.0.0.0 a 0 net yy.yy.15.194 0.0.0.0 a 0 net yy.yy.7.7 0.0.0.0 a 0 r3 router ospf 9 net yy.yy.3.3 0.0.0.0 a 0 net yy.yy.15.193 0.0.0.0 a 02.2 Implement IPV4 EIGRP Configure EIGRP 100 and EIGRP YY per the IGP topology diagram Eigrp updates should be advertise only out to the interface per the IGP topology diagram On R1 redistribute between ospf and eigrp YY. However all of the routes that are indicated below from backone3 (EIGRP100) should not be redistributed between both protocols Use route maps to accomplish this requirement. All route-maps should utilize the same access lists On R3, redistrubte from EIGRP 100 into OSPF On R3, redistribute from EIGRP 100 into eigrp YY. However three networks 198.2.1.0/24, 198.2.3.0/24, 198.2.5.0/24 should be aggregated into a single address with the most specific mask Possible新需求要开启autosummarysw4 ip routing router eigrp yy net yy.yy.15.96 0.0.0.31 net yy.yy.10.10 0.0.0.0 r5 router eigrp yy net yy.yy.15.96 0.0.0.31 net yy.yy.15.248 0.0.0.3 net yy.yy.15.244 0.0.0.3 net yy.yy.5.5 0.0.0.0 r1 router eigrp yy net yy.yy.15.248 0.0.0.3 r3 router eigrp yy net yy.yy.15.244 0.0.0.3 red eigrp 100 router eigrp 100 net 150.3.yy.0 0.0.0.255 router os yy red eig 100 subnets int s0/0 ip summary-address eigrp yy 198.2.0.0 255.255.248.0 r1: 匹配路由时先在R3 show ip eigrp 100 查看显示出来的路由别忘了还要加上一条汇总路由和直连150.3.yy.0路由。access-list 11 permit 4.1.1.0 access-list 11 permit 128.28.2.0 access-list 11 permit 198.2.3.0 access-list 11 permit 198.1.1.4 access-list 11 permit 198.2.1.0 access-list 11 permit 198.2.5.0 access-list 11 permit 198.2.0.0 access-list 11 permit 150.3.y.0上面ACL需要匹配出所有EIGRP100发来的路由和EIGRP YY的那条汇总路由。 route-map BB3 deny 10 match ip add 11 route-map BB3 permit 20 router ospf yy redistribute eigrp yy sub route-map BB3router eigrp yy redistribute ospf yy metric 10000 100 255 1 1500 route-map BB3 这里的bandwidth第一要发的大 2.3 Implement RIP Version 2 Configure RIP version 2 (RIP V2) per the IGP topology diagram RIP updates should be advertise only out the interface per the IGP topology diagram All rip updates should be unicast All rip updates must be able to receive and process RIPV1 packets Mutually resditribute between RIP and ospf on R2 and sw4, R4 learned routes should be preferred EIGRP SW4:Router eigrp yyRedistribute rip metric 10 10000 255 1 1500Distance eigrp 90 115 （sw4外部eigrp170，从rip学习到的120）Router rip Redistribute eigrp yy metric 2Offset-list 1 out 1 vlan 44Access-list 1 permit y.y.10.10Access-list 1 permit y.y.15.96R2Router rip Redistribute ospf yy metric 5 Offset-list 1 out 5 f0/1.24 解决优选eigrp的问题Access-list 1 permit y.y.2.2Access-list 1 permit y.y.15.240Access-list 1 permit y.y.15.128优化路由：SW4：Access-list 44 permit yy.yy.4.4Access-list 44 permit yy.yy.15.32Router rip Distance 105 yy.yy.15.65 0.0.0.0 44R2:Access-list 24 pemrit yy.yy.4.4Access-list 24 permit yy.yy.15.64Router rip Distance 105 yy.yy.15.33 0.0.0.0 24上考场注意看是否需要：在接口下配置：ip rip receive ver 1 2单项有路由可能是nei指错了。注意R2 OSPF 发布进RIP时要比SW4发布进大。注意R4 都走SW4 除了一条直连。要求开启autosummaryr2 router rip ver 2 net yy.0.0.0 pass de nei yy.yy.15.33 r4 router rip ver 2 net yy.0.0.0 pass de nei yy.yy.15.34 nei yy.yy.15.66 sw4 router rip ver 2 net yy.0.0.0 pass de nei yy.yy.15.65SW4:Router eigrp yyRedistribute rip metric 10 10000 255 1 1500 route-map DENY_DEF（注意metric）Distance eigrp 90 115route-map DENY_DEF deny 10 ma ip add prefix-list DEFroute-map DENY_DEF per 20ip prefix-list DEF per 0.0.0.0/0Router rip Redistribute eigrp yy metric 2Offset-list 1 out 1 vlan 44Access-list 1 permit y.y.10.10Access-list 1 permit y.y.15.96R2:Router ospf yyRedistribute rip subnet route-map DENY_SUM如果有需求must not be blocked when redistribute from ospf to rip on R2 不需要做需要在SW4上做阻止掉0.0.0.0/0 不然BGP中可能会出现环路。R2上不需要做过滤默认路由，SW4上和R2的配置一样。Router rip Redistribute ospf yy metric 5 route-map DENY_SUMOffset-list 1 out 5 f0/1.24 解决优选eigrp的问题Access-list 1 permit y.y.2.2Access-list 1 permit y.y.15.240Access-list 1 permit y.y.15.128route-map DENY_SUM deny 10 ma ip add prefix SUMroute-map DENY_SUM per 20ip prefix-list SUM permit * (R2show ip route rip 包含的非YY的汇总路由,不要忘记150.1/2/3.0.0)2.4 Implement IPV6 Internte protocol version 6 ( IPV6) to configure IPV6 unique local unicast address using the eui-64 interface identifier R4 G0/1 and R2 G0/1.Z (VLAN 24) FC01:DB8:74:C:/64 eui-64 R2 S0/0.Z and R1 S0/0.Z FC01:DB8:74:A:/64 eui-64 R1 G0/1 and SW1 Svi 11 FC01:DB8:74:B:/64 eui-64 Configure ospfv3 per the IPV6 topology Ensure that R4 can ping sw1 using IPV6Ipv6地址中的A B C 在考试的时候可能会有变化按需求敲做完后SW1上ping R4接口地址R4 ipv6 unicast-routing ipv6 router ospf yy router-id yy.yy.4.4 int e1 ipv6 add fc01:db8:74:C:33/64 ipv6 ospf yy area 0 R2 ipv6 unicast-routing ipv6 router ospf yy router-id yy.yy.2.2 int e0/1.24 ipv6 add fc01:db8:74:C:34/64 ipv6 ospf yy area 0 int s0/0.21 ipv6 add fc01:db8:74:a:241/64 ipv6 ospf yy area 1 R1 ipv u ipv router ospf yy router-id yy.yy.1.1 int s0/0.12 ipv add fc01:db8:74:a:242/64 ipv ospf yy area 1 int e0/1 ipv add fc01:db8:74:b:161/64 ipv ospf yy area 1 sw1 sdm prefer dual-ipv4-and-ipv6 default (WR ipv u ipv router ospf yy rotuer-id yy.yy.7.7 int vlan 11 ipv add fc01:db8:74:b:162/64 ipv ospf yy area 1 2.5 Implement IPV4 BGP Referring the BGP routing diagram . configure BGP with these parameters Configure two bgp confederations R1, R3, R5 and sw4 (ASYY1) and R2 and SW2 (ASYY2) The confederation peers should neighbor between R1 and R2 and between SW4 and R2 EBGP: SW2 EBGP peers with the router 150.2.YY.254 on backone 2 in AS 254. This router advertise five routes with format 197.68.z.0/24 and the AS path 254 .EBGP: R5 EBGP peers with the route 150.1.YY.254 on backone 1 in as 254, this router advertise five routers with the format 197.68.z.0/24 and the as path 254 253 .The bgp devices should all prefer the path through R5 (150.1.yy.254) for network 197.68.21.0/24 and 197.68.22.0/24 ;The internal board gateway protocol (IBGP) devices should all prefer thepath through sw2 (150.2.yy.254) for network 197.68.1.0/24 197.68.4.0/24 and 197.68.5.0/24 this manipulation should be accomplished only on one router using route maps that refer to a single access list Configure only the loopback 0 ip address to propagate BGP route informationYou will need to redistribute the BB links and not to use next-hop-self and also full ibgp mesh indisde confideration.由于新的版本要求不使用RR根Next-hope-self 所以新的配置如黄色部分R1 router bgp 292 no synchronization bgp router-id 29.29.1.1 bgp log-neighbor-changes bgp confederation identifier 1 bgp confederation peers 291 neighbor 29.29.2.2 remote-as 291 neighbor 29.29.2.2 ebgp-multihop 255 neighbor 29.29.2.2 update-source Loopback0 neighbor 29.29.3.3 remote-as 292 neighbor 29.29.3.3 update-source Loopback0 neighbor 29.29.5.5 remote-as 292 neighbor 29.29.5.5 update-source Loopback0no auto-summaryR2 router bgp 291 no synchronization bgp log-neighbor-changes bgp confederation identifier 1 我的BB那边没该这里应该是29 bgp confederation peers 292 neighbor 29.29.1.1 remote-as 292 neighbor 29.29.1.1 ebgp-multihop 255 neighbor 29.29.1.1 update-source Loopback0 neighbor 29.29.8.8 remote-as 291 neighbor 29.29.8.8 update-source Loopback0 neighbor 29.29.10.10 remote-as 292 neighbor 29.29.10.10 ebgp-multihop 255 neighbor 29.29.10.10 update-source Loopback0 no auto-summarySW2 router bgp 291 no synchronization bgp log-neighbor-changes bgp confederation identifier 1 我的BB那边没该这里应该是29 neighbor 29.29.2.2 remote-as 291 neighbor 29.29.2.2 update-source Loopback0 neighbor 150.2.29.254 remote-as 254 no auto-summaryR3 router bgp 292 no synchronization bgp router-id 29.29.3.3 bgp log-neighbor-changes bgp confederation identifier 1 我的BB那边没该这里应该是29 neighbor 29.29.1.1 remote-as 292 neighbor 29.29.1.1 update-source Loopback0 neighbor 29.29.5.5 remote-as 292 neighbor 29.29.5.5 update-source Loopback0 neighbor 29.29.10.10 remote-as 292 neighbor 29.29.10.10 update-source Loopback0 no auto-summaryR5router bgp 292 no synchronization bgp router-id 29.29.5.5 bgp log-neighbor-changes bgp confederation identifier 1 我的BB那边没该这里应该是29 neighbor 29.29.1.1 remote-as 292 neighbor 29.29.1.1 update-source Loopback0 neighbor 29.29.3.3 remote-as 292 neighbor 29.29.3.3 update-source Loopback0 neighbor 29.29.10.10 remote-as 292 neighbor 29.29.10.10 update-source Loopback0 neighbor 150.1.29.254 remote-as 254 neighbor 150.1.29.254 route-map loc in no auto-summaryroute-map loc permit 10 match ip address 1 set local-preference 200!route-map loc permit 20 set local-preference 90access-list 1 permit 197.68.21.0access-list 1 permit 197.68.22.0SW4 router bgp 292 no synchronization bgp router-id 29.29.10.10 bgp log-neighbor-changes bgp confederation identifier 1 我的BB那边没该这里应该是29 bgp confederation peers 291 neighbor 29.29.2.2 remote-as 291 neighbor 29.29.2.2 ebgp-multihop 255 neighbor 29.29.2.2 update-source Loopback0 neighbor 29.29.3.3 remote-as 292 neighbor 29.29.3.3 update-source Loopback0 neighbor 29.29.5.5 remote-as 292 neighbor 29.29.5.5 update-source Loopback0 no auto-summary以前的RR配置根next-hope-selp 导致BB的路由能传过来但现在全互联解决BB路由传不进来的方法R5 router eigrp 29 redistribute connected route-map BB1route-map BB1 permit 10 match interface FastEthernet0/0SW2 router ospf 29redistribute connected subnets route-map BB2route-map BB2 permit 10 match interface Vlan21. 上考场看不让做RR时，做全互连。重发布直连接口。SW2:Route-map con permit 10Match int vlan 2Router ospf yyRedistribute con subnet route-map conR5:Route-map con permit 10Match int g0/0Router eigrp yyRedistribute con subnet route-map con2. Traceroute 150.1.yy.254 ,150.2.yy.254 优先走EIGRP所有需要把OSPF进程内的 distance 改大。Access-list 1 permit 150.1.yy.0Access-list 1 permit 150.2.yy.0Router ospf yydistance 180 25.25.1.1 0.0.0.0 1注意通告参与BGP设备的loopback 0口Section III IP multicast 3.1 implement PIM spares mode for IPV6 multicast Enable pim sparse mode ( pim-sm) on the lan between R4-fa0/1 and R2-Gi0/1, R1 G0/1 and SW1 Svi, and on the WAN link between R2 and R1, Using these criteria Configure R4-fa0/1 to be the redezvous point (RP) for the FF08:4000:4000 multicast group no other groups should be permit R4, R2, R1, SW1 conf t ipv multicast-routing ipv cef ipv pim rp-address FC01:DB8:74:C:33 rip ipv access rip permit