CCIE_LAB_160版本需求分析.doc

CCIE LAB 160版本需求分析1. Bridging and Switching1.2 Configure IP across your frame relay network:l RackYYR1, RackYYR3, RackYYR4配frame-relay, RackYYR1为hub点；l RackYYR5，RackYYR2参与frame-relay, RackYYR5s0/0接口IP addess是YY.YY.13.1;l Frame-relay不要求ping通自己，所有路由器的lo0地址都是32位；l 不能对FR预先配置做任何改动，不能起用动态FR1.3 catlyst ethernet switch setupl RackYYSw1 RackYYSw2 and RackYYSw3 are connected via crossover cables;l Statically configure an ISL trunk between RackYYSw1 and RackYYSw2 switches on port fa0/23-24; RackYYSw1 and RackYYSw3 switches on port fa0/19-20; RackYYSw2 and RackYYSw3 switches on port fa0/21-22l The switches physical topology is full meshed;l 考题中说明的用什么EtherChannel的协商协议。（具体看题目的需求，PagP or LACP，根据题目需求来选择channel-group XX mode后的关键字，区别如下表所示）1.2 Catalyst VTPl Configure RackYYSw1 to be the VTP Server for domain VTPYY, for examples, Rack07 and so on;l Be sure that RackYYSw2 and RackYYSw3 can see vlan configuration from RackYYSw1;1.5 Catalyst VLAN Configurationl 3台交换机上对VLAN及VLAN下的接口进行预先配置，用命令可以看到如下显示：1.6 Catalyst IP Routingl Configure RackYYSw1 RackYYSw2 and RackYYSw3 to support IP routing as shown in Diagrames 1 and 2; RackYYSw3建立一个SV1接口，保证能够PING通R4的以太口1.7 Router Trunkingl 在RackYYR6划分两个子接口e0/1.1, e0/1.2, e0/1.1接BB2, e0/1.2接BB3， BB3的e0/0连接在sw3的fa0/10上1.8 vlan-mapl Configure RackYYSw2 block MAC traffic with vines-ip on bb2 (具体看考题是哪几个VLAN)1.9 Fallback Bridgel 在RackYYSw1的VLANA(vlan 20)和fa0/6（连RackYYR6接口）配置Fallback Bridge， 并设置只forward mac address: 1234.1234.1234.aaaa.bbbb.cccc at any interface1.10 MSTPl Spanning-tree很消耗处理器资源，为了节省CPU资源，启用MSTP， MSTP建立2个实例：单数开头的3个VLAN双数开头的3个VLAN1.11 Load-balancel 从RackYYR4的E0/1到SW3所连接的同一个VLAN中的主机线路使用紧张，为了使流量能够最大限度的负载平衡，在SWITCHES上使用负载平衡2 IP IGP Protocol2.1 EIGRPl RackYYR6, RackYYR3, RackYYR4, RackYYSw1上运行EIGRPYY，RackYYR6上配置EIGRPYY over BB3;l RackYYR6的连接BB3的网段只能在EIGRP YY区域内的所有路由器的路由表中以内部路由的形式存在，RackYYR6在EIGRP YY进程下不与BB3建立邻居关系；l RackYYR4的VLANC YY.YY.14.4网段不能使用network命令进入EIGRP YY；l 运行EIGRP YY的路由器的lo0以32位的形式通告出去；l 所有运行EIGRP YY的路由器的autosummary必须关闭；l RackYYR6在EIGRP 100进程下与BB3建立EIGRP邻居关系；l EIGRP 100 auto summary必须关闭2.2 EIGRP Distributel 从BB3学到很多路由，只能允许198开头的路由进入路由表，向BB3通告一条YY.YY.0.0/16的汇总；l 两个EIGRP相互重分发，配置完成以后从RackYYR3，RackYYR4，RackYYSw1能够ping通150.3.YY.254.两个eigrp进程相互重分2.4 OSPFl RackYYR1、RackYYR3、RackYYR4的帧中继和RackYYR1、RackYYR5、RackYYSw2的VLANB都是Area 0；l RackYYR2、RackYYR5之间是Area25；l RackYYR1/3/4帧中继要求就是ip ospf network type broadcastl RackYYR2/5是ptp点到点l RackYYR5的lo0以32位主机路由的形式通告到area0，RackYYR2的lo0以32位的形式通告到area25；l RackYYR3与RackYYR4不参与DR的选举；l VLANB有个特殊要求，RackYYSw2必须为DR；l RackYYR1和RackYYR5之间只能形成2way的状态；l Router-id: YY.YY.X.X2.5 OSPF Dead Interval Timel RackYYR2/5的帧中继口上更改ospf的Dead interval为60；2.6 OSPF与EIGRP YY在RackYYR3/4上双点重分发l 在RackYYSw1看到OSPF过来的要loadbalancing，不许用Virance；l 在RackYYR1上看到EIGRP过来的路由也要load-balancing（除R3/R4L0）;l RackYYR1必须首选RackYYR3到达yy.YY.6.6，其次RackYYR4，如果RackYYR3 DOWN掉，选择到RackYYR4的路径； l EIRGP routes redistributed into ospf E2;l 在sw1上：11.0网段只走R3，14.0网段只走R4l 在sw1上：R3，r4的lo0各走自己的路由l 要求eigrp to ospf, 只允许五条eigrp YY的路由。如下所示：YY.YY.6.6/32 YY.YY.7.7/32 YY.YY.9.0/32 YY.YY.10.0/24 150.3.YY.0/24（具体看R1的路由表中是否有YY.YY.14.0这个网段的路由）2.7 Ipv6l 在RackYYR1与RackYYR4的ethernet端口上分别给出了一个Ipv6的地址，要求在RackYYR1与RackYYR4之间建一个IPv6 over IPv4 Tunel，并且运行RIP完成之后保证ping通RackYYR1：2068:YY:YY:11:1/64RackYYR4：2068:YY:YY:44:4/642.8 RIPl RackYYR2上运行RIPv2，只允许199.172.5.0, 199.172.10.0, 199.172.13.0, 199.172.14.0进入路由表要求2行access-list完成这一需求；l RackYYR2在做RIP通告时带宽开销为最低；l 在RackYYR2上建立一个Loopback1, IP地址为150.4.YY.1/24, 将此接口通告进RIP；l RackYYR2上的RIP重分发到OSPF，这些路由cost can be adjusted basic on per hops (OE1)l 汇总一条YY.YY.0.0的路由到bb13 Features3.1 Frame Relayl Configure RackYYR1, RackYYR3 and RackYYR4s frame relay interfaces so that broadcast flooding can be avoided. Use the following parameters:l Maximum transmission rate: 240 packets per second;l Maximum byte transmission rate of 260k bytes per second;l Limit the queue size to 120 packets3.2 Improve Convergence and Network Stabilityl RackYYR2s Se0/0 interface is experiencing excessive link flap causing peer routers in the network to recalculate best paths. This is consuming substantial amounts of system processing resources and cause routing protocol to lose synchronization with the state of the flapping interfacel Configure RackYYR2 flapping interface to be removed from the network until it stabilizes, hus improving convergence times and stability throughout the network by isolate link failures so that disturbaces are not propagated.3.3 UDP Broadcast Managementl Configure the E0/1.2 interface on RackYYR6 to forward incoming Snmptrap registration broadcast to 150.1.y.254 on RackYYR2s Backbone 1 Ethernet. No sumptrap status.4 QOS4.1 CBWFQl Allocate 10Mbps in the Ethernet 0/0 interface on RackYYR6 for traffic coming from Backbone 2 and Backbone 3, You solution should apply to all possible traffic from Backbone 2 and Backbone 3 on Ethernet 0/14.2 Traffic Engineeringl Configure RackYYR1 so that any received IP traffic sourced from VLANB will be forwarded to RackYYR4 with an IP precedence of 3;4.3 To Queue Mappingl 在RackYYSw1的fa0/4上配置Cos和round roubin queue的一个Map：Cos 6 7 map to queue 1Cos 5 4 map to queue 2Cos 3 2 map to queue 3Cos 1 0 map to queue 45 Multicast Routing5.1 Multicastl RackYYSw1, RackYYR3, RackYYR4, RackYYR1, RackYYR5, RackYYR2起Multicast, RackYYSw1就要求Vlan20启动。l RackYYR4的Lo0是send RP announce.Lo0加入224.30.30.30, 224.40.40.40, 224.50.50.50. 但是只让你RP announce为30和50的RP；l 为了防止RP欺骗，配置RackYYR4来Filter这个Annouce，保证RP为R4的Lo0l 保证当配置完成后组播路由器都能ping通这三个组5.2 Limiting Multicast TrafficThere are two multicast sources on RackYYSw2. The address of the multicast sources are YY.YY.1.80 and YY.YY.1.120. these sources are sending to the multicast group 234.29.69.97. Configure RackYYR5 to limit the bandwidth for multicast traffic received from these sources to 2Mbits per second.6 Security6.1 IP Spoofingl Setup RackYYR1 such that it only forwards the packets from the Frame Relay network which have source address found in its routing table. Log packets that do not meet this requirement6.3 SYN_FLOOD攻击l 在RackYYR2上配置，怀疑有PC对BB1理的服务器（150.1.YY.0）进行SYN_FLOOD攻击，配置RackYYR2使得允许路由器等待15秒，然后关闭那些未成功建立连接的请求。6.4 CBACl r1, r3, r4, r6, sw1 and sw2 need to telnet to r2s address 150.4.YY.1, config suitable access control on one device only meeting the flowing requirementl r1, r3, r4, r2, sw1 and sw2 can telnet 150.4.y.1 all other traffic to 150.4.y.1 will be block;l all traffic originating from 150.4.y.1 will be block, this does BOT include telnet t