CCIE综合实验系列之N1.doc

一、 Topology BGPConfigur IP across your frame relay network Frame-relay Rack YYR3、RackYYR4、RackYYR5 RackYYR3为multipoint，RackYYR4 and RackYYR5 为 Point-to-point ,接口IP address 是 YY.YY.11.0/24 RackYYR1、RackYYR6参与Frame-relay，接口IP地址是YY.YY.16.0/24 Frame-relay 不要求Ping通自己，所有路由器的Loopback0接口地址都是24位Catalyst Ethernet Switch SetupSwitch1、Switch2、Switch3 and Switch4 are connected via crossover cables，their physical topology is full meshedCatalyst VTPConfigure RackYYSW1 RackYYSW2 RackYYSW3 and RackYYSW4 to be the VTP transparent for domain VTPYY，for examples，Rack07 would be VTP07，Rack17 would be VTP15 and so on；Layer3 Etherchannel Use channel-group number 21; Dont use pagp & lacp Protocol; Swich1: YY.YY.100.1/24Layer 2 etherchannel Use channel-group number 10 only; Ensure idare channel-member for all switches on sw2 and sw4 assign all interfaces in the channel as static-access port in vlan200; Unconditionally enables pagp to facilitate the connection; Verify layer2 connectivity via the channel linkCatalyst IP routingConfigure RackYYSW1 and RackYYSW2 to support IP routing as shown in diagrams:SW1： Vlan_100 YY.YY.12.254/24 Vlan_200 YY.YY.34.1/24SW3: Vlan_200 YY.YY.34.254/24SW2:Vlan_100YY.YY.21.254/24Vlan_200YY.YY.43.1/24SW4:Vlan_200YY.YY.43.254/24Routed portRackYYSW1 and RackYYSW2 fa0/3 are connected to RackYYR3，IP address:YY.YY.13.2/24 and YY.YY.31.2/24CDPConfigure the length of time camounit，a neighbor should hold cdp information sent by sw2 before discarding it to 2 minutes.Storm-controlSw1 fa0/7 will stop forwarding unicast traffic if the input rate exceeds 65 MbpsCatalyst SecurityBlock the interface fa0/5 of Switch-1 accept unknow multicast OSPF (AREA0) Link between sw1 and sw2； All interface in vlan 100 on sw1，sw2，R1，R2； R3 fa0/0 fa0/1 and the fa0/3 on sw1，sw2 Loopback 0 on sw1，sw2，R2，R3； Verify that all ospf neighbor have build their adjacencyOSPF (NBMA) Area 11: the Frame-relay network between R3,R4,R5; Loopback 0 on R4,R5; VLAN55; Ensure there is no DR/BDR election over the nbma network;OSPF(ASBR) and RIPv2 part1 Configure r4 to receive RIPv2 routes from bb1 When properly configured you will receive ripv2 routes in the Class B address range of 199.172.X.X Configure R4 so that external rip routes are injected to area 11 and appear throughout the ospf domain; Ensure external routes originating from asbr outside area 11 can not be flooded within the area Permit ospf type-3 routes into area 11OSPF (area 34 and 43) Area 34 consists of the vlan 200 int on sw1 and sw3 and loopback 0 on sw3 Area 43 consists of the vlan 200 int on sw2 and sw4 and loopback 0 on sw4 Verify sw3 and sw4 can ping all ints within your networkOSPF summaryadd the lo22, lo32 and lo47 on r2 to area0, summarize the above add into a single route your summary route must be compact and not waste add spaces;verify the summary is on the ospf routing table on r5 and that you can ping each host add on r2lo22: 180.88.22.254/24 lo32: 180.88.32.254/24lo47: 180.88.47.254/24Ripv2 Part2 Advertise all the individual yy.yy.0.0 network prefixes generated within your topology to bb1 instruct the bb1 router that your networks a 5 hops away Filter all other prefixes to bb1 r6 must have a single 16 bits prefix via r1 to reach the yy.yy.0.0 network. Dont use route filters or automatic summarization to accomplish this. Redistribute eigrp routes into ospf domain on r1;EIGRP ( route filter)lConfigure r6 to include the bb3 connection in eigrp 100. the bb3 router will be sending source class a,b,c ip prefixes, Create a prefix-list and apply it so that the eigrp process will only accept prefixes in the class c (或class b或first octet=192-200) add range on the fa0/0 int and insert them into the routing table. lFilter all routes from going to bb3;二、 ospfv3 on ipv6 要求在R1，R6之间配置完成一个IPv6 的配置以后可以看到如下4张表 帧中继可以ping通 ipv6的地址（注意是2038还是2033，还有IP地址也会变，比如11变为12，61变16。）RackYYR1#show ipv6 int brief Gi0/0 up/up FE80:ZZZZ:ZZZZ:ZZZZ 2038:YY:YY:11:1 S0/0/0 up/up FE80:ZZZZ:ZZZZ:ZZZZ 2038:YY:YY:61:1 RackYYR6#show ipv6 int brief Gi0/0 up/up FE80:ZZZZ:ZZZZ:ZZZZ 2038:YY:YY:66:6 S0/0/0 up/up FE80:ZZZZ:ZZZZ:ZZZZ 2038:YY:YY:61:6三、 ipv6 routingRackYYR1#show ipv6 route C 2038:YY:YY:11:/64 0/0 via :, Gi0/0 L 2038:YY:YY:11:1/128 0/0 via :, Gi0/0 C 2038:YY:YY:61:/64 0/0 via :, S0/0/0 L 2038:YY:YY:61:1/128 0/0 via :, S0/0/0 O 2038:YY:YY:66:/64 120/2 via FE80:ZZZZ:ZZZZ:ZZZZ, S0/0/0 （注意管理距离为120,COST是2）/通过IPV6 OSPF学到R6上的F0/0L FE80:/10 0/0 via :, Null0 L FF00:/8 0/0 via :, Null0 RackYYR6#show ipv6 route O 2038:YY:YY:11:/64 120/2 via FE80:ZZZZ:ZZZZ:ZZZZ, S0/1 /通过IPV6 OSPF学到R1上的F0/0C 2038:YY:YY:61:/64 0/0 via :, S0/0/0 L 2038:YY:YY:61:6/128 0/0 via :, S0/0/0 C 2038:YY:YY:66:/64 0/0 via :, Gi0/0 L 2038:YY:YY:66:6/128 0/0 via :, Gi0/0 L FE80:/10 0/0 via :, Null0 L FF00:/8 0/0 via :, Null0 四、 Multicast There is a multicast source for group 224.2.2.2 localed at vlanbb2 and another source for group 224.3.3.3 localed at vlanbb3. there are clients on vlan55 at would like to access these two groups; Configure r5, r3, sw1, r1, r6 to meet the following questions: All devices using sparse-mode R1 will be rp for both multicast group and r3 will be the back rp. Use the most reliable way to achieve the objective and dont configure rp information statically. R5 needs to be able to ping both 224.2.2.2 and 224.3.3.3;defense against multicast dos attackthere is a concern that hacker may launch dos attack again r5 with muticast groupmembership traffic .configure r5 so that it will accept only 100 igmp reports at any time but this limit does not apply to the group 224.3.3.3R5：access-list 101 permit ip host 0.0.0.0 host 224.3.3.3 int f 0/0ip igmp limit 110 except 101五、 BGP预配置以下端口R1: Loopback 200: 200.1YY.101.1/32R2: Loopback 200: 200.1YY.102.1/32R6: Loopback 200: 200.1YY.106.1/32R3: Loopback 200: 200.YY.3.1/32R4: Loopback 200: 200.YY.4.1/32R5: Loopback 200: 200.YY.5.1/32IBGP AS YY : configure only r3, r4, r5 to be part of the as yy R3 is the route reflector for the AS As 1YY: configure only r1, r2, r6 to be part of the as 1YY. Dont configure rr or confederation in the AS You can use any ip add to form the ibgp peers Advertise the lo200 on all bgp routes through bgp, and make sure you are able to ping these loopbacks from inside each ASEBGP R6 ebgp peers with bb2 ip add 150.2.yy.254 as 254 R2 ebgp peers with r3 R1 ebgp peers with r3 You can use any ip add to form the ebgp peers Make