K1通过版(JIM).doc

此文档收集于网络，如有侵权，请联系网站删除K1+以下解法，不敢保证任何一项满分，但是总够通过K1+的版本分数线Configure all of the appropriate nontrunking access-switch ports on SW1,SW2,and SW3,according to the following requirements:l Configure the VLANs for the access-switch ports show as the vlan table,include the ports BB1,BB2 and BB3.l Configure trunk between SW1 F0/2 and R2 G0/1.l Make sure that the spanning tree enters the forwarding state immediately.l Only for these access switch ports,by passing the listening and learning states.l Avoid transmitting Bridge Protocol Data Units(BPDUs) on these access switch ports,if a BPDU is received on any of these ports,the ports should transition back to listening,learning and forwarding states.l Add any special Layer 2 commands that are required on the routers including trunk configuration.l SW1 should be the root for all vlans and for any new vlan.l BB devices must not be in the path to the root bridge. .SW1:spanning-tree vlan 1-4094 root primarySW1/SW2/SW3Inter f0/10Span guard root这是针对BB devices must not be in the path to the root bridge这个需求的解法SW1SW2SW3SW4:spanning-tree portfast defaultspanning-tree portfast bpdufilter default针对“Avoid transmitting Bridge Protocol Data Units(BPDUs) on these access switch ports,if a BPDU is received on any of these ports,the ports should transition back to listening,learning and forwarding states.”这一需求，注意，一定不要用bpduguard 否则bb3的接口会被阻塞掉Implement Frame relayUse the following requirements to configure R1 and R2 for frame relay and R4 as the Frame Relay switch.l Use ANSI LMI on frame relay switch and auto-sesing on R1 and R2.l Dont use any static frame relay maps or inverse address resolutions protocol.l Use RFC 1490/RFC2427(IETF)encapsulation.l Use the Data-Link Connection Identifier(DLCI) assignments from the table belowFrame Relay DLCI assignmentsROUTERDLCIR1 Frame-relay interface100R2 Frame-relay interface200帧中继部分，解法不变Traffic control protection from the backbonesConfigure traffic control on the three backbone links,protecting your network from a broadcast storm.This protection should begin once broadcast traffic is half(50%)available bandwidth,the port should remain functioning during this time.SW1SW2SW3:interface f0/10storm-control broadcast level 50.00Trunking manipulationsl Configure the trunk ports between SW1,SW2,SW3 and SW4 according to the following requirements:l Disable DTP on the six distribution ports for each switch.l Set the list of allowed VLANs that can receive and send traffic on these interfaces in tagged format in particular, only allow VLAN3,11,13,44,45.这一部分，需求发生变化，允许通过的VLAN不再是3,11,13,44,45，而是要求拓扑中所有VLAN，也没有了tagged format的关键字，所以更新解法为SW1SW2SW3SW4:int range f0/19 - 24switchport trunk encapsulation dot1qswitchport mode trunkswitchport nonegotiateswitchport trunk allowed vlan 2,3,11,13,15,22,24,44,45因为没有了tagged format的关键字所以不要需要vlan dot1q tag native这条命令Section II: Implement Layer 3 TechnologyIGP这一部分是K1的重中之重，主要变化为RIP没有明确要求使用V2 接口不再要求接受RIP V1的数据包，最为重要的一点是RIP和EIGRP要求不能no auto-summaryR1：interface s0/0.12ip ospf network broadcastip ospf dead-interval minimal hello-multiplier 20router ospf 30network 61 area 0network 42 area 2network a 0area 2 nssa default-information-originateip access-list extended e100permit ip host host permit ip host host permit ip host host permit ip host host 52permit ip host host permit ip host host permit ip host host permit ip host host route-map d100 deny 10match ip address e100route-map d100 permit 20router ospf 30redistribute eigrp 30 subnets route-map d100router eigrp 30network 49 network redistribute ospf 30 metric 10000 100 255 1 1500 route-map d100R1的环回接口我选择的是两边宣告 不做access-list 24 permit access-list 24 permit 4router ospf 30distance 175 24这是为了在R1上保持和R5路由的一致性，其实可做可不做，但是路由一致的分数和路由不一致的分数肯定是不一样的，自己选择 R2：interface s0/0.12ip ospf network broadcastip ospf dead-interval minimal hello-multiplier 20router ospf 30network area 2network 41 area 2network 29 area 2area 2 nssadistance 125 11redistribute rip metric-type 1 subnetaccess-list 11 per access-list 11 per 4access-list 11 per 0access-list 11 per access-list 11 per 6这里4.4 和15.64 是为了解决次优路径，必须做，下面3个是为了解决路由信息不一致，可做可不做，自己选择R2：router ripversion 2auto-summarynetwork passive-interface defaultneighbor 3redistribute OSPF 30 metric 5offset-list 22 out 5 f0/1.24Access-list 22 permit 40Access-list 22 permit 28Access-list 22 permit 注意，绿字部分我不建议大家做，虽然题目有需求说R4优选EIGRP，但是如果你把R2三个直连的网段做了offset-list 虽然满足题意了，但是明显的是次优路径，思科是很专业的公司，我认为思科看重次优路径更重一些下面是K1 IGP变化的重点R2Access-list 10 deny Access-list 10 deny Access-list 10 deny Acces-list 10 deny Access-list 10 deny Access-list 10 deny Access-list 10 per anyrouter ripdistr-list 10 in f0/1.24因为RIP 和EIGRP开启了自动汇总，所以，在R4上会把从BB学来的路由全部汇总成主类，然后传给R2，R2又会把从R4学来的主类路由传递给R1，那么问题就出来了，在之前我们关闭自动汇总的时候，R1 和SW1上去往bb的路由是只有条路径的，自动汇总后R1和SW1又多了通过R2到达BB的路径，这样看上去很美，有了冗余，但是题目有明确的要求不能影响 OSPF 区域0的选路，所以这条冗余链路思科是不想看到的，因此我们在R2上就将其干掉。具体的路由条目我记不清楚了，总是就是R2上面产生的主类路由，全部干掉。这里要注意一点，因为BGP部分要求不能使用next-hop这条命令，所有我们需要把与sw2相连的bb2 和与r5相连的bb1重分发进IGP中，所以R2上面还会有BB的主类路由，也要干掉特别要注意的一点，主类路由只在R2上过滤即可，sw4上当你R2和SW4做完双向重分发的后，因为水平分割的缘故，SW4上是不可能出现主类路由，大家可以放心了R3：router ospf 30network 93 a 0net a 0redistribute eigrp 100 subnetsrouter eigrp 100auto-summarynet 55router eigrp 30net auto-summaryredistribute eigrp 100 metric 100000 100 255 1 1500Int s0/0ip summary-address eigrp 30 这里出现了点小争议，关于R3的环回接口应该宣告到哪？我的做法是两边宣告，这样R5上到达R3的环回接口就不会绕往R1了R4：router ripversion 2auto-summarynetwork passive-interface defaultneighbor 4neighbor 6R5：router eigrp 30auto-summarynetwork network 46 network 50 network 7 SW1：Ip routingrouter ospf 30network area 0network 62 area 0network 94 area 0SW2：Ip routingrouter ospf 30network area 2network 30 area 2area 2 nssaSW4：ip routingrouter eigrp 30auto-summarynetwork 0 network 8 ip prefix-list denydefault permit /0route-map denydefault deny 10match ip address prefix-list denydefaultroute-map denydefault permit 20access-list 21 deny access-list 21 deny access-list 21 deny 2access-list 21 per any如果在R2上没有做offset-list 那么 可以不做router ripredistribute eigrp 30 metric 3distance 175 5 21router eigrp 30redistribute rip metric 1000 100 255 1 1500 route-map denydefaultIPV6 和组播部分没什么可说的了，细心细心再细心就一定没有问题BGP 有两点变化，不可用RR 那么R1 R5 R3 SW4要全互联，不可以改变下一跳属性，解法如下R5route-map conn permit 10match interface f0/0router eigrp YYredistribute connected route-map connSW2：route-map conn permit 10match interface vlan 2router ospf 30redistribute connected route-map conn另外关于K1 BGP黑洞的问题，可解可不解，如果要解千万千万不要用MPLS，那是在找死，可以参照下面解法R3access-list 1 permit access-list 1 permit router ospf 30distance 175 1这是为了让R3走R5，而不走SW1Secure HTTP accessR5：aaa new-modelaaa authentication login default lineaaa authentication login HTTP local-caseaaa authorization exec HTTP localno ip http serverip http secure-serverip http authentication aaa login-authentication HTTPip http authentication aaa exec-authorization HTTPusername cisco privilege 1 password ciscousername ADMIN privilege 15 password CISCOSecure the WAN PPP LINKSaaa new-modelaaa authentication ppp R1 group radius local-caseaaa authentication ppp R3 group tacacs+ local-caseusername RACKYYR1 password ciscousername BACKUP password CISCOint s0/0ppp authentication chap R1int s0/1ppp authentication chap R3radius-server host 18 key ciscotacacs-server host 29 key ciscoR1:int s0/1ppp chap hostname RACKYYR1ppp chap password ciscoR3:int s0/0ppp chap hostname BACKUPppp chap password CISCOMQC-Based frame-relay traffic shappingR2：class-map VIOPmatch dscp efclass-map match-any DATAmatch dscp af11match dscp af21policy-map CBWFQclass VIOPpriority percent 40class DATAbandwidth percent 35policy-map MQCclass class-defaultfair-qushape average 64000shape adaptive 32000service-policy CBWFQmap-class frame-relayFRservice-policy output MQCint s0/0.12frame-relay interface-dlci 200class FR注意，帧中继主接口下不打frame-relay traffic-shapingAuto QOS over PPPR1:int s0/1auto qos voipR5:int s0/0auto qos voipFirst Hop RedundancyR2:track 1 ip route /0 reachabilityInt f0/1.24glbp 1 ip y.y.15.35glbp 1 preemptglbp 1 authentication md5 key-string ciscoglbp 1 weighting track 1R4:track 1 ip route /0 reachabi