CCIE RS LAB K1 完美修正版.doc

CCIE-LAB-K1所有设备loopback0 地址为Y.Y.X.X/32，分别为：R1：YY.YY.1.1/32 R2：YY.YY.2.2/32 R3：YY.YY.3.3/32 R4：YY.YY.4.4/32 R5：YY.YY.5.5/32SW1：YY.YY.7.7/32 SW2：YY.YY.8.8/32 SW3：YY.YY.9.9/32 SW4：YY.YY.10.10/32 BackBone 地址分别为：BB1：150.1.YY.254/24BB2：150.2.YY.254/24 BB3：150.3.YY.254/241.section -Layer21.1 Pre-configuration errorsvtp domain name mismatch between CCIERoutingandSwitching YY and CCIERoutingandswitching YYvtp password mismatch between cisco and cisco0Switch3 Fa 0/24 interface in the access mode which should be in vtp trunk mode.Switch2 Fa 0/10 interface backup interface Fa 0/4，just use command no switchport backup interface Fa 0/4 remove it.R5 interface serial 0/0/0 and interface serial 0/0/1 use no peer neighbor-router and so do R1 interface serial 0/0/1 and R3 interface serial 0/0/0.1.2 Implement the access-switch ports of the network as following tablesVlan NumberVlan NamePortsVLAN 15VLAN_BB1SW1-F0/5，SW1-F0/10VLAN 2VLAN_BB2SW2-F0/10VLAN 3VLAN_BB3SW1-F0/3，SW3-F0/10VLAN 11VLAN_ASW2-F0/1VLAN 13VLAN_BSW2-F0/3VLAN 22VLAN_CR2-F0/1.ZVLAN 24VLAN_HR2-F0/1.Z，SW2-F0/4VLAN 44VLAN_FSW1-F0/4VLAN 45VLAN_GSW2-F0/5Configure all of the appropriate nontrunking access switch ports on sw1,sw2,sw3,according to the following requirements:SW1 should be the root for all vlans and for any new vlan.BB devices must not be in the path to the root bridge.SW1（config）#spanning-tree vlan 1-4094 priority 0SW1(config)#interface Fa 0/10SW1(config-if)#spanning-tree guard rootSW2(config)#interface Fa 0/10SW2(config-if)#spanning-tree guard rootSW3(config)#interface Fa 0/10SW3(config-if)#spanning-tree guard rootConfigure the VLANS for the access switch ports show as the vlan tables,include the ports to BB1,BB2 and BB3.Configure trunk between SW2 F0/2 and R2 G0/1.SW2(config)#interface Fa 0/2SW2(config-if)#switchport trunk encapsulation dot1qSW2(config-if)#switchport mode trunkSW2(config-if)#switchport trunk allowed vlan 22,24Make sure that the spanning tree enters the forwarding state immediately. Only for these access switch ports,bypassing the listening and learning states.Avoid transmitting bridge protocol date units(BPDUS)on these access switch ports.If a BPDU is received on any of these ports,the ports should transition back to the listening,learning and forward states.SW1(config)#spanning-tree portfast defaultSW1(config)#spanning-tree portfast bpdufilter defaultSW2(config)#spanning-tree portfast defaultSW2(config)#spanning-tree portfast bpdufilter defaultSW3(config)#spanning-tree portfast defaultSW3(config)#spanning-tree portfast bpdufilter defaultSW4(config)#spanning-tree portfast defaultSW4(config)#spanning-tree portfast bpdufilter defaultAdd any special layer 2 commands that are required on the routers including trunkconfiguration.SW1:Vtp mode serverVtp domain CCIEroutingandSwitchingYYVtp password ciscoVlan 2Name VLAN_BB2Vlan 3Name VLAN_BB3Vlan 11Name VLAN_AVlan 13Name VLAN_BVlan 15Name VLAN_BB1Vlan 22Name VLAN_CVlan 24Name VLAN_HVlan 44Name VLAN_FVlan 45Name VLAN_GSW2/SW3/SW4Vtp mode clientVtp domain CCIEroutingandSwitchingYYVtp password cisco#show vlan briefSW1(config)#interface vlan 11SW1(config-if)#ip address YY.YY.15.162 255.255.255.224SW1(config)#interface vlan 13SW1(config-if)#ip address YY.YY.15.194 255.255.255.224SW1(config)#interface Fa 0/3SW1(config-if)#switchport mode accessSW1(config-if)#switchport access vlan 3SW1(config)#interface Fa 0/4SW1(config-if)#switchport mode accessSW1(config-if)#switchport access vlan 44SW1(config)#interface Fa 0/5SW1(config-if)#switchport mode accessSW1(config-if)#switchport access vlan 15SW1(config)#interface Fa 0/10SW1(config-if)#switchport mode accessSW1(config-if)#switchport access vlan 15SW2 SW2(config)#interface vlan 22SW2(config-if)#ip address YY.YY.15.130 255.255.255.224SW2(config)#interface vlan 2SW2(config-if)#ip address 150.2.YY.1 255.255.255.0SW2(config)#interface Fa 0/1SW2(config-if)#switchport mode accessSW2(config-if)#switchport access vlan 11SW2(config)#interface Fa 0/3SW2(config-if)#switchport mode accessSW2(config-if)#switchport access vlan 13SW2(config)#interface Fa 0/4SW2(config-if)#switchport mode accessSW2(config-if)#switchport access vlan 24SW2(config)#interface Fa 0/5SW2(config-if)#switchport mode accessSW2(config-if)#switchport access vlan 45SW2(config)#interface Fa 0/10SW2(config-if)#switchport mode accessSW2(config-if)#switchport access vlan 2SW3 SW3(config)#interface Fa 0/10SW3(config-if)#switchport mode accessSW3(config-if)#switchport access vlan 3SW4 SW4(config)#interface vlan 44SW4(config-if)#ip address YY.YY.15.66 255.255.255.224SW4(config)#interface vlan 45SW4(config-if)#ip address YY.YY.15.98 255.255.255.2241.3 Trunking manipulations:Configure the trunk ports between SW1,SW2,SW3 and SW4 according to the following requirements:Disable DTP on the six distribution ports for each switch.Set the list of allowed vlans that can receive and send traffic on these interfaces in tagged format in particular,only allow VLAN 2,3,11,13,15,22,24,44,45如果有tagged format vlan 1的关键字，就打上vlan dot1q tag nativeSW1(config)#interface range Fa 0/19 - 24SW1(config-if-range)# switchport trunk encapsulation dot1qSW1(config-if-range)# switchport mode trunkSW1(config-if-range)# switchport nonegotiateSW1(config-if-range)# switchport trunk allowed vlan 2,3,11,13,15,22,24,44,45SW2(config)#interface range Fa 0/19 - 24SW2(config-if-range)# switchport trunk encapsulation dot1qSW2(config-if-range)# switchport mode trunkSW2(config-if-range)# switchport nonegotiateSW2(config-if-range)# switchport trunk allowed vlan 2,3,11,13,15,22,24,44,45SW3(config)#interface range Fa 0/19 - 24SW3(config-if-range)# switchport trunk encapsulation dot1qSW3(config-if-range)# switchport mode trunkSW3(config-if-range)# switchport nonegotiateSW3(config-if-range)# switchport trunk allowed vlan 2,3,11,13,15,22,24,44,45SW4(config)#interface range Fa 0/19 - 24SW4(config-if-range)# switchport trunk encapsulation dot1qSW4(config-if-range)# switchport mode trunkSW4(config-if-range)# switchport nonegotiateSW4(config-if-range)# switchport trunk allowed vlan 2,3,11,13,15,22,24,44,451.4 Implement Frame relay:Use the following requirements to configure R1 and R2 for frame relay and R4 as the frame relay switch.Use ANSI LMI on frame relay switch and auto-sesing on R1 and R2.Dont use any static frame relay maps or inverse address resolutions protocol.Use RFC 1490/RFC2427(IETF)encapsulation.Use the data-link connection Identifer DLCI assignments from the table belowFrame-Relay DLCI assignmentRouterDLCI assignmentR1 frame-relay interface100R2 frame-relay interface200R4(config)#frame-relay switchingR4(config)#interface serial 0/0R4(config-if)#encapsulation frame-relay ietfR4(config-if)#frame-relay intf-type DCE R4(config-if)#clock rate 64000 R4(config-if)#frame-relay lmi-type ansiR4(config-if)#frame-relay route 100 interface serial 0/1 200R4(config-if)#no shutdownR4(config)#interface serial 0/1R4(config-if)#encapsulation frame-relay ietfR4(config-if)#frame-relay intf-type DCER4(config-if)#clock rate 64000R4(config-if)#frame-relay lmi-type ansiR4(config-if)#frame-relay route 200 interface serial 0/0 100R4(config-if)#no shutdownR1(config)#interface serial 0/0R1(config-if)#encapsulation frame-relay ietfR1(config-if)#no frame-relay inverse-arpR1(config-if)#no arp frame-relayR1(config-if)#no shutdownR1(config)#interface serial 0/0.100 point-to-pointR1(config-subif)#ip address YY.YY.15.242 255.255.255.252R1(config-subif)#frame-relay interface-dlci 100 ietfR1(config-subif)#endR2(config)#interface serial 0/0R2(config-if)#encapsulation frame-relay ietfR2(config-if)#no frame-relay inverse-arpR2(config-if)#no arp frame-relayR2(config-if)#no shutdownR2(config)#interface serial 0/0.200 point-to-pointR2(config-subif)#ip address YY.YY.15.241 255.255.255.252R2(config-subif)#frame-relay interface-dlci 200 ietfR2(config-subif)#end1.5 Traffic control protection from the backbones:Configure traffic control on the three backbone links,protecting your network from a broadcast storm.This protection should begin once broadcast traffic is half(50%) available bandwidth,the port should remain functioning during this time.SW1(config)#interface Fa 0/10SW1(config-if)#storm-control broadcast level 50SW2(config)#interface Fa 0/10SW2(config-if)#storm-control broadcast level 50SW3(config)#interface Fa 0/10SW3(config-if)#storm-control broadcast level 50SW1#sh storm-control Fa 0/10Interface Filter State Upper Lower Current- - - - -Fa0/10 Forwarding 50.00% 50.00% 0.00%继续完成如下配置后再进入3层配置：R1配置：R1(config)#interface Loop 0R1(config-if)#ip address Y.Y.1.1 255.255.255.255R1(config)#interface Fa 0/1R1(config-if)#ip address YY.YY.15.161 255.255.255.224R1(config-if)#no shutR1(config)#interface serial 0/1R1(config-if)#encapsulation pppR1(config-if)#no peer neighbor-routeR1(config-if)#ip address YY.YY.15.249 255.255.255.252R1(config-if)#no shutR2配置：R2(config)#interface Loop 0R2(config-if)#ip address Y.Y.2.2 255.255.255.255R2(config)#interface Fa 0/1R2(config-if)#no shutdownR2(config)#interface Fa 0/1.22R2(config-subif)#encapsulation dot1q 22R2(config-subif)#ip address YY.YY.15.129 255.255.255.224R2(config)#interface Fa 0/1.24R2(config-subif)#encapsulation dot1q 24R2(config-subif)#ip address YY.YY.15.34 255.255.255.224R3配置：R3(config)#interface Loop 0R3(config-if)#ip address Y.Y.3.3 255.255.255.255R3(config)#interface Fa 0/1R3(config-if)#ip address YY.YY.15.193 255.255.255.224R3(config-if)#no shutR3(config)#interface Fa 0/0R3(config-if)#ip address 150.3.YY.1 255.255.255.0R3(config-if)#no shutR3(config)#interface serial 0/0R3(config-if)#encapsulation pppR3(config-if)#no peer neighbor-routeR3(config-if)#ip address YY.YY.15.245 255.255.255.252R3(config-if)#no shutR4配置：R4(config)#interface Loop 0R4(config-if)#ip address Y.Y.4.4 255.255.255.255R4(config)#interface Fa 0/1R4(config-if)#ip address YY.YY.15.33 255.255.255.224R4(config-if)#no shutR4(config)#interface Fa 0/0R4(config-if)#ip address YY.YY.15.65 255.255.255.224R4(config-if)#no shutR5配置：R5(config)#interface Loop 0R5(config-if)#ip address Y.Y.5.5 255.255.255.255R5(config)#interface Fa 0/1R5(config-if)#ip address YY.YY.15.97 255.255.255.224R5(config-if)#no shutR5(config)#interface Fa 0/0R5(config-if)#ip address 150.1.YY.1 255.255.255.0R5(config-if)#no shutR5(config)#interface serial 0/0R5(config-if)#encapsulation pppR5(config-if)#no peer neighbor-routeR5(config-if)#ip address YY.YY.15.250 255.255.255.252R5(config-if)#no shutR5(config)#interface serial 0/1R5(config-if)#encapsulation pppR5(config-if)#no peer neighbor-routeR5(config-if)#ip address YY.YY.15.246 255.255.255.252R5(config-if)#no shutSW1配置：SW1(config)#interface Loop 0SW1(config-if)#ip address Y.Y.7.7 255.255.255.255SW2配置：SW2(config)#interface Loop 0SW2(config-if)#ip address Y.Y.8.8 255.255.255.255SW3配置：SW3(config)#interface Loop 0SW3(config-if)#ip address Y.Y.9.9 255.255.255.255SW4配置：SW4(config)#interface Loop 0SW4(config-if)#ip address Y.Y.10.10 255.255.255.255注意：做完以后，ping通所有直连！2.section -Layer3After finishing each of the following questions,make sure that all configured interfaces and subnets are consistently visible on all pertinent routers and switches.Dont redistribute between and interior gateway protocol(IGP) and board gateway protocol(BGP).You need to ping a bgp route only if it is stated in a question,otherwise the route should be only in the bgp table.At the end of section 2,all subnets in your topology,including the loopback interface expected for SW3,must be reachable via ping.Therefore redistribute as you wish unless directly stated in a question.The backbone interface must be reachable only if they are part of the solution to a question.The loopback interface can be seen as either /24 or /32 in the routing table unless stated otherwise in a question.The loopback interfaces can be added into your IGP either via redistribution or added to a routing process of your choice. 2.1 Implement IPv4 OSPFConfigure open shortest path first(OSPF)Updates should be advertised only out of the interface that are indicated inthe IGP topology diagram.Dont manually change the Router-IDDont create additional ospf area.Configre ospf area 2 such that there are no TYPE-5 Advertisments(LSA)in the area,R1 should generate a default route.SW2(config)#ip routingSW2(config)#router ospf YYSW2(config-router)#area 2 nssaSW2(config-router)#network YY.YY.15.130 0.0.0.0 area 2SW2(config-router)#network YY.YY.8.8 0.0.0.0 area 2SW2(config)#router ospf YYSW2(config-router)#redistribute connected subnets route-map bb2SW2（config）#route-map bb2 permit 10SW2（config-route-map）#match int vlan 2R2(config)#router ospf YYR2(config-router)#network YY.YY.15.241 0.0.0.0 area 2R2(config-router)#network YY.YY.15.129 0.0.0.0 area 2R2(config-router)#network YY.YY.2.2 0.0.0.0 area 2R2(config-router)#area 2 nssaR1(config)#router ospf YYR1(config-router)#area 2 nssa default information-originateR1(config-router)#network YY.YY.15.242 0.0.0.0 area 2R1(config-router)#network YY.YY.15.161 0.0.0.0 area 0R1(config-router)#network YY.YY.1.1 0.0.0.0 area 0R3(config)#router ospf YYR3(config-router)#network YY.YY.15.193 0.0.0.0 area 0R3(config-router)#network YY.YY.3.3 0.0.0.0 area 0SW1(config)#ip routingSW1(config)#router ospf YYSW1(config-router)#network YY.YY.15.194 0.0.0.0 area 0SW1(config-router)#network YY.YY.15.162 0.0.0.0 area 0SW1(config-router)#network YY.YY.7.7 0.0.0.0 area 0Configure OSPF over frame relay between R1 and R2 choosing a network type that requires designate router(DR) and backup designate router(BDR)negotiations and has the fatest recover times.R1(config)#interface serial 0/0.100 point-to-pointR1(config-subif)#ip ospf network broadcastR1(config-subif)#ip ospf dead-interval minimal hello-multiplier 20 R2(config)#interface serial 0/0.200 point-to-pointR2(config-subif)#ip ospf network broadcastR2(config-subif)#ip ospf dead-interval minimal hello-multiplier 202.2 Implement IPv4 EIGRPConfigure EIGRP 100 and EIGRP YY per the IGP topology diagram. EIGRP updates should be advertise only out to the interface per the IGP topoloty diagram.You ca