Version 70修改版.doc

V70Pre-configuration:1. LOOPBACK Setting:All 10 devices have Loopback 0 address is the following format:YY.YY.X.X/24 where YY=Rack Number and X=Device Number2. VLAN-Setting:vlan 11 - VLAN_BB1vlan 12 - VLAN_BB2vlan 13 - VLAN_BB3vlan 21 - VLAN_Avlan 22 - VLAN_Bvlan 23 - VLAN_Cvlan 50 - CUSTOMER_1vlan 100 - VLAN_SWITCHESNote: The basic VLAN for your topology are preconfiguredPart 1 Bridging and Switching1.1 Frame RelayConfigure the Frame Relay connection between R1 and R3Configure the Frame Relay connection between R2 and R6Configure the Frame Relay connection between R2, R4 and R5帧中继需要ping通本端(ipv6不需要map self)不允许全零映射和动态映射存在1.2 VTP ConfigurationVTP information is partially configured from SW1 though SW4 Complete the configuration with the following requirements:l VTP domain name is RackYYl SW1 will propagate VLAN information to your stack of switches and make changes to SW2, SW3 and SW4l Ensure to secure the VTP information exchange with authentication and use cisco as your keyl In the future, these four switches will be configured into transparent switches. They should NOT inspect the VTP domain name and version, and they should support unrecognized Type-Length-Value (TLV)(version 2)vtp domain RackYYSW1:vtp mode server SW2/SW3/SW4:vtp mode clientvtp password ciscovtp version 21.3 Trunk: (Score: 2 Points)Create Trunking among the four switches to meeting the following requirements:l Trunk should be formed unconditionally and use ISL as your encapsulation methodl Choose the encapsulation method on your own and create a trunk between R6 and Sw2, make sure only VLAN_BB3 and VLAN_B will be allowed in this trunk1.4 Switching Management Configuration (Score: 2 Points)Configure a VLAN subnet YY.YY.90.0/24 from SW1 to SW4Their VLAN number is 100, Name is VLAN_SWITCHESThe ip addresses for VLAN_100 as followings:Sw1 ip address YY.YY.90.1/24Sw2 ip address YY.YY.90.2/24Sw3 ip address YY.YY.90.3/24Sw4 ip address YY.YY.90.4/241.5 Guest-VLANThe customer created a guest VLAN on SW3 (F0/11-18) use a radius server at 54/24(Rip路由中包含/24网段)进行802.1x认证，key cisco, (sure the switch can ping this address)初始配置：SW3 f0/11-f0/18,switch access vlan 999 (vlan name没有给定)aaa new-modelaaa authentication login CON noneaaa authentication login VTY lineline con 0 login authentication CONline vty 0 x login authentication VTYaaa authentication dot1x default group radiusdot1x system-auth-controlradius-server host 54 key ciscointerface range FastEthernet0/11 -18switchport mode accessswitchport access vlan 999 /-预配dot1x port-control autodot1x guest-vlan 9991.6 Ether-Channel ConfigurationCreate Ether-Channels among SW1, SW2, SW3 and SW4 so that all Ether-Channels between them will be formed unconditionally without using any protocol negotiation.mode on1.7 Ether-Channel Load-balancingTraffic analysis shows that R4 is sending packets to many hosts on VLAN_BB2，Your configuration on SW1 and SW2 should make the traffic efficiently distributed across the physical linksSW1:port-channel loadbalance dst-macSW2:port-channel loadbalance src-macshow etherchannel load-balance1.8 Shared Spanning-Tree Configuration (Score: 2 Points)To reduce CPU utilization on you switches, consolidate the spanning trees of the VLANs 11, 21 and 100 using the following criteria:l VLAN 11 and 21 share one common spanning tree, and Sw1 is the root bridge.l VLAN 100 is on another spanning tree, and Sw4 is the root bridgel All other VLANs share the default instanceSW1 SW4:spanning-tree mode mstspanning-tree mst configuration name CISCO revision 10 instance 1 vlan 11,21 instance 2 vlan 100SW1:spanning-tree mst 1 root primarySW4:spanning-tree mst 2 root primary1.9 Unidirectional link Detection and ControlTo avoid spanning-tree loops that are caused by a bad cable between Sw3 and SW4, configure your switch or switches so that the affected ports are disabled if a unidirectional link is detected.SW3/SW4:interface range f0/23 -24udld port aggressiveshow udld f0/231.10 Switch Flow ControlSometime hosts on VLAN_C are sending heavy traffic to R2 so that made R2 is dropping packets. Configure Sw2 so that it can receive instruction from R2 to temporary stop sending packet when the problem occurs.You may assume that R2 is able to send this instruction to SW2, and you DONOT have to configure R2 for this task.SW2:no mls qosinterface f0/2 flowcontrol receive onshow flowcontrol interface f0/21.11 Traffic Suppression (Score: 3 Points)Configure SW1 Fa0/10 so that in case when a broadcast floods on the interface happens, it will be controlled and meeting the requirements as following:l When the flood reach 85% bandwidth, traffic will blockl When drop to 60%, begin forwardSW1:interface f0/10 storm-control broadcast level 85 601.12 Spanning-Tree RootConfigure SW2 so that the device will be the ROOT for VLAN_BB2SW2:spanning-tree mst 0 root primary1.13 Managing the MAC address table aging entriesManaging the MAC address table aging entriesConfigure Sw3 so that the Mac-addresses aging-time for VLAN_BB3 is 500 secondsSW3:mac address-table aging-time 500 vlan 13Part 2 IP IGP ProtocolsPre-acknowledge:When you finish this section, you must be able to ping all the interfaces in your YY.YY.0.0 network, 150.1.YY.254 and 150.3.YY.254.You are not allowed to change the MTU on any of your routers.You are not allowed to explicitly ospf router id.2.1 RIPv2 ConfigurationR1 is receiving RIP routes from a router on VLAN_BB1Configure RIP routes as shown in Diagram 2 with the following requirements:l Do NOT use broadcast or multicast to propagate your RIP routes.l Subnets must NOT be aggregatedl RIP updates should only be sent out of the RIP enabled interfaces as per Diagram 2记得开启水平分割2.2 OSPF-Area 26l Configure ospf Area 26 as shown in Diagram2 (The frame-relay segment)l Configure so that it will conserve bandwidth and shorten ospf adjacency establishment time by avoiding DR election.R2/R6:interface s0/0 ip ospf network point-to-point2.3 OSPF-Area 0l Configure ospf area 0 as shown in Diagram 2.l Do not change the ospf network type for the frame relay network, R5 must be elected as the DR. / -(priority & neighbor)l Authentication is not required at this time.R6/R3:interface e0/0 ip ospf mtu-ignore2.4 OSPF Area 4 and Area 5l Configure Area 4 so only default route is injectedl Configure Area 5 so ospf default route into Area 5 routing tables of any ospf，Area 5s internal routers should have the ospf intra-area routes but not the ospf external routes2.5 Loopback 0 Address PlacementRouter Interface OSPF-AreaR3 Lo0 3Sw1 Lo0 3R6 Lo0 26R2 Lo0 4R5 Lo0 5R4 Lo0 02.6 Loopback AddressThese loopback 0 interface must not appear as a /32 route in ospf.2.7 EIGRP ConfigurationConfigure EIGRP as the followings:l Place the interface VLAN 100 in EIGRP YY and SW2, SW3 and SW4 loopback 0 address in EIGRP YY, DO NOT summarize subnetsl Place the backbone 3 network in EIGRP 100, The R6 EIGRP 100 neighbor on VLAN_BB3 will not send EIGRP QUERY packets to R6,DO NOT summarize subnetsR6:router eigrp 100 eigrp stub connected redistributed / -结合后面的重分布需求2.8 RIP and OSPF Route Summarization & Redistributionl Perform mutual redistribution between RIP and OSPFl Consolidate all RIP routes beginning with 199.172.X.X prefixes as one route, NOT /16l When redistributing them into OSPF, R1 and R3 should still have on their routing-table as 199.172.X.X RIP routesR3:router ospf 1YY summary address OSPF重分布进RIP时DENY掉这条汇总2.9 EIGRP YY and OSPF - Route Summarization & Redistributionl Perform mutual redistribution between EIGRP YY and OSPFl The route and the consolidated 199.172 route should not appear in the routing-table of SW2, SW3 and SW4l DO NOT use route filtering to perform this taskR3:router ospf 1YY summary address tag 120 summary address tag 120SW1:route-map DENY_TAG deny 10 match tag 120route-map DENY_TAG permit 20router eigrp YY redistribute ospf 1YY route-map DENY_TAG2.10 EIGRP 100 and OSPF - Route Summarization & RedistributionPerform mutual redistribution between OSPF & EIGRP 100 to meet the following requirements:l Redistribute EIGRP 100 routes 150.3.YY.0 and ONLY into OSPF (with access-list)l Redistribute OSPF routes YY.YY.6.0 and YY.YY.90.0 into EIGRP, DO NOT use the “distribute-list”l Summarize all 198.2 prefix routes as ONE(not /16)R6:interface e0/1.13 ip summary-address eigrp 100 ip prefix-list FROM_EIGRP permit /19ip prefix-list FROM_EIGRP permit 150.3.YY.0/24ip prefix-list FROM_OSPF permit YY.YY.6.0/24ip prefix-list FROM_OSPF permit YY.YY.90.0/24route-map FROM_EIGRP match ip address prefix-list FROM_EIGRProute-map FROM_OSPF match ip address prefix-list FROM_OSPFrouter eigrp 100 eigrp stub connected redistributed redistribute ospf 1YY metric 1000 100 255 1 1500 route-map FROM_OSPFrouter ospf 1YY redistribute eigrp 100 subnets route-map FROM_EIGRP2.11 IPv6 AddressingConfigure the interface on the following devices with IPv6 address:R2 Loopback 0 + Serial 0/0R4 Loopback 0 + Serial 0/0/0R5 Loopback 0 + Serial 0/0/0Use the assigned prefix of 3007:ABC:DEF:/64 on all interfaces(The subnet ID is 16 bit, and its value is the same as the third octet of the IPv4 address of same interface (in another words, you do not need to do the hex decimal conversion)For example, the R2 Serial 0/0 IPv6 subnet ID is 245 You need to determine the appropriate type of interface ID to use)注意：所有FR接口都要映射link local address & ipv6 address2.12 OSPFv3 RoutingWithout changing the network type, configure OSPF v3 routing for the frame-relay area 0 network with the following requirements:l R5 must be the DR of this network / -(priority & neighbor)ipv6指neighbor一定要指link local address(接口下配)R2/R4/R5:interface loopback 0 ipv6 ospf network point-to-pointl All three routes (R2, R4 and R5) must be able to ping each others IPv6 interface and their own Frame-Relay interfaces after you finished this task.l You DO NOT need to configure OSPFv3 for the other Area 0 between R2 and R6Part 3 BGP3.1 BGP Configuration (Score: 3 Points)l Your network contains 1 autonomous system, AS YY.l Configure BGP between R1, R3, and R4.l The BGP connections between R1, R3 and R4 should be active as long as there is an active TCP/IP path between these routers.l Do NOT use route reflectors. / -full mashl Ensure R3 contains BGP entries in its routing table once all BGP questions are complete.3.2 EBGP Configuration (Score: 2 Points)l Configure EBGP between R4 and the external lab router on Backbone 2. The neighbor on Backbone 2 has an IP address of 150.2.YY.254 and is in Autonomous System 254.l Configure EBGP between R1 and the external lab router on Backbone 1. The neighbor on Backbone 1 has an IP address of 150.1.YY.254 and is in Autonomous System 254.l Configure both EBGP session so that when R1 and R4 receive policy changes from their respective neighbors, the EBGP session do NOT have to be cleared in order for the new police to take effect.R1:neighbor 150.1.YY.254 soft-reconfiguration inboundR4:neighbor 150.2.YY.254 soft-reconfiguration inbound3.3 Route Reductionl The Backbone 2 router is advertising prefixes from 197.68.X.0 ON R4, generate a minimum super-net address that contains all the 197.68.Z.0 prefixes (be as specific as possible; the super-net should not include the entire /16 address space). Advertise this super-net and the more specific prefixes of 197.68.Z.0 to R1 and R3.R4:router bgp YY aggregate-address as-setl R1 and R3 must have the super-net pointing to R4 in their BGP routing tables.l On R1 and R3 the more specific routes should point to 150.1.YY.254 as the best next hop. Make sure 150.2.YY.254 is an alternative valid next hop. On R4 the more specific routes should point to 150.2.YY.254 as the best next hop.R4:route-map CONN match interface e0/0router ospf 1YY redistribute connected route-map CONN subnetsR1:router bgp YY neighbor 150.1.YY.254 weight 1000R3:router BGP YY neighbor YY.YY.1.1 weight 1000l Ensure that 150.1.YY.254 is an alternative valid next hopPart 4 Multicast4.1 Configuring Basic IP Multicast (Score: 3 Points)l Configure IP Multicast PIM Sparse Mode on R4 (E0/0, S0/0); R5 (Se0/0) and R2 (Fa0/1, S0/0 and Fa0/0). / -记得打ip pim nbma-model Make sure R5 lo0 is the RP for multicast groups and ONLY However do not configure the Rendezvous point on any router.R5:ip access-list standard GROUP permit permit ip pim rp-candidate loopback 0 group-list GROUPip pim bsr-candidate loopback 0l Configure R4 E0/0 to join multicast groups and . You should be able to ping both multicast groups from all multicast routers.ip pim join-group ip pim join-group 4.2 Limiting Multicast Traffic (Score: 3 Points)On R2, limit the bandwidth of the multicast traffic sent to group on Fa0/0 to 50kbps and sent to group on Fa0/1 to 1 Mbps.R2:access-list 1 permit access-list 2 permit interface f0/0ip multicast rate-limit out group-list 1 50interface f0/1 ip multicast rate-limit out group-list 2 1000Part 5 IP/IOS Feature5.1 DHCP Configuration (Score: 2 Points)Configure R6 to provide the following parameters for DHCP clients on VLAN_B:l Ensure that all IP addresses that have not yet been used in the subnet are available.l Allow the subnet as a 24-bit maskl The DNS servers are 150.1.YY.50 and 150.1.YY.51l The domain name is l For the default gateway, ensure that if R6 is down, R2 will be the default gateway for hosts already allocated an IP address. Do NOT configure HSRP as part of this solution.l Hosts must remain DHCP-assigned address forever.R6:ip dhcp pool DHCP network YY.YY.62.0 dns-server 150.1.YY.50 150.1.YY.51 domain-name default-router YY.YY.62.6 YY.YY.62.2 lease infiniteip dhcp excluded-address YY.YY.26.2ip dhcp excluded-address YY.YY.26.6no ip dhcp conflict logging5.2 Application Performance Monitoring and Analysis-IP SLA (3 Point)To test and monitor the performance of the telnet session between R4 and R1, configure R1 and R4 using the following criteria:l The telnet source is YY.YY.245.4 on R4 and the destination is YY.YY.1.1 on R1l The testing will occur once every hour and will continue to do so foreverl The testing will occur immediately after you finish the configure for this taskl R1 must be able to identify the R4 is the source of this testingR4:ip sla monitor 1 type tcpconnect dest-ipaddr YY.YY.1.1 dest-port 23 source-ipaddr YY.YY.245.4 frequency 3600ip sla monitor schedule 1 life forever start-time nowR1:ip sla monitor responder5.3 UDP Broadcast Management (3 Point)Configure the BB3 interface on R6 (G0/1.13) to forward incoming BoottrapProtocol client broadcast to 150.2.YY.254 on BB2R6:ip forward-protocol udp bootpcinterface G0/1.13 ip helper-address 150.2.YY.254Part 6 QOS6.1 Congestion Control (Score: 2 Points)Configure the R3 Frame Relay interface for rate limiting by configuring the parameters CIR, Bc and MINCIR, considering the following:l Your maximum throughput is 128kbpsl During congestion, your provider will mark any traffic in excess of 48kbps as discard eligible, Make sure your throughput changes accordingly, based upon BECNs received only.l Your token bucket interval is 125 ms / -CIR=BC/TCl Use a “map-class” to apply this feature to all PVCsR3:map-class frame-relay FRTS frema-relay adaptive-shaping becn frame-relay cir 128000 frame-relay mincir 48000 frame-relay bc 16000interface s0/0 frame-relay class FRTS frame-relay taffic-shaping / -别忘记打开关show frame-relay pvc6.2 Frame Relay Precedence and Eligible for Discarding (Score: 3Points)On R4 Serial 0/0/0, configure the existing Frame Relay PVC 405 to classify all ip traffic with precedence Routine(0) or Priority(1) as Eligible for Discarding during periods of traffic congestion. Do not use MQC to accomplish this taskR4:access-list 101 permit ip any any precedence 0access-list 101 permit ip any any precedence 1frame-relay de-list 1 protocol ip list 101interface s0/0frame-relay de-group 1 4056.3 Congestion Management (Score: 3 Points)l On R2 make sure all traffic leaving Fa0/0 set with IP Precedence 3 AND/OR traffic from VLAN_C destined to VLAN_BB1 has a guaranteed minimum bandwidth of 128K. Make sure, in case of congestion, that these packets get dropped randomly.(现在可能没这个需求了)l Limit all traffic leaving Fa0/0 set with IP Precedence 2 to 128K. Do NOT use policing or rate-limiting.l Do not use an ACL to match IP Precedence.l use MQC to accomplish this question.R2:access-list 101 permit ip YY.YY.22.0