SECTION 1-1.1,1.2,1.3,1.4,1.5,1.6
SW1
conf t
vtp mode server
vtp domain CCIE
vtp password cisco
vtp version 2
vlan 16
name VLAN_16_R1toSW1
vlan 18
name VLAN_18_R1toSW3
vlan 28
name VLAN_28_R2toSW3
vlan 36
name VLAN_36_R3toSW1
vlan 45
name VLAN_45_R4toR5
vlan 68
name VLAN_68_SW1toSW3
vlan 69
name VLAN_69_SW1toSW4
vlan 89
name VLAN_89_SW3toSW4
vlan 100
name VLAN_100_BB1
vlan 200
name VLAN_200_BB2
vlan 300
name VLAN_300_BB3
vlan 500
name VLAN_500_Client
vlan 999
name Unused_Ports
int range e0/0-3,e1/0-3,e2/0-1
sw acc vlan 999
sw mode acc
shut
exit
int e2/0
sw access vlan 100
sw mode access
no shut
int e0/1
sw access vlan 18
sw mode access
no shut
int e0/2
sw access vlan 28
sw mode access
no shut
int e0/3
sw access vlan 36
sw mode access
no shut
int e1/0
sw access vlan 100
sw mode access
no shut
int e1/1
sw access vlan 200
sw mode access
no shut
int vlan 36
ip address 10.28.36.6 255.255.255.0
no shut
int vlan 16
ip address 10.28.16.6 255.255.255.0
no shut
int vlan 68
ip address 10.28.68.6 255.255.255.0
no shut
int vlan 69
ip address 10.28.69.6 255.255.255.0
no shut
exit
int range e2/2-3,e3/0-3
no sw access vlan 999
sw trunk encap dot1q
sw mode trunk
sw trunk native vlan 1
sw nonegotiate
no shut
exit
vlan dot1q tag native
int range e2/2-3
channel-group 14 mode active
int range e3/2-3
channel-group 13 mode active
int range e3/0-1
channel-group 12 mode active
spanning-tree mode rapid-pvst
spanning-tree vlan 1-4094 root primary
int e2/0
spanning-tree bpduguard disable
spanning-tree bpdufilter enable
exit
int range e0/1-2
sw port-security
sw port-security maximum 1
sw port-security mac-address sticky
sw port-security violation shutdown
exit

SW2
conf t
vtp mode client
vtp domain CCIE
vtp password cisco
vtp version 2
int e2/0
sw access vlan 200
sw mode access
no shut
int e0/1
sw access vlan 16
sw mode access
no shut
int e0/2
no switchport
ip address 172.16.27.7 255.255.255.0
no shut
int e0/3
no switchport
ip address 172.16.37.7 255.255.255.0
no shut
int e1/0
sw access vlan 45
sw mode access
no shut
int e1/1

int range e2/2-3,e3/0-3
no sw access vlan 999
sw trunk encap dot1q
sw mode trunk
sw trunk native vlan 1
sw nonegotiate
no shut
exit
vlan dot1q tag native
int range e2/2-3
channel-group 23 mode active
int range e3/2-3
channel-group 24 mode active
int range e3/0-1
channel-group 12 mode active
exit
port-channel load-balance src-dst-mac

SW3
conf t
vtp mode client
vtp domain CCIE
vtp password cisco
vtp version 2
int range e0/0-3,e1/0-3,e2/0-1
sw acc vlan 999
sw mode acc
shut
exit

no shut
int vlan 89
ip add 10.28.89.8 255.255.255.0
no shut
int vlan 500
ip add 10.28.188.8 255.255.255.0
no shut
int vlan 18
ip add 10.8.18.8 255.255.255.0
no shut
int vlan 28
ip add 10.8.28.8 255.255.255.0
no shut
int range e2/2-3,e3/0-3
no sw access vlan 999
sw trunk encap dot1q
sw mode trunk
sw trunk native vlan 1
sw nonegotiate
no shut
exit
vlan dot1q tag native
int range e2/2-3
channel-group 23 mode active
int range e3/2-3
channel-group 13 mode active
int range e3/0-1
channel-group 34 mode active
exit
port-channel load-balance src-dst-mac
spanning-tree mode rapid-pvst
int e2/0
spanning-tree bpduguard disable
spanning-tree bpdufilter enable
exit

SW4
conf t
vtp mode client
vtp domain CCIE
vtp password cisco
vtp version 2
exit
int range e0/1-3,e1/0-1
sw access vlan 500
sw mode access
spanning-tree portfast
sw protected
sw block unicast
sw block multicast
no shut
exit
int vlan 300
ip add 150.3.8.1 255.255.255.0
no shut
int range e2/2-3,e3/0-3
no sw access vlan 999
sw trunk encap dot1q
sw mode trunk
sw trunk native vlan 1
sw nonegotiate
no shut
exit
vlan dot1q tag native
int range e2/2-3
channel-group 14 mode active
int range e3/2-3
channel-group 24 mode active
int range e3/0-1
channel-group 34 mode active
exit
port-channel load-balance src-dst-mac
=============================================
1.7 Frame-relay with frame-relay ipv6,mpls and multicast config for interfaces
R3
conf t
ip cef
ipv6 unicast-routing
ipv6 cef
ip multicast-routing
mpls ldp router-id lo 0
mpls label protocol ldp
int s1/0
encapsulation ppp
mpls ip
ip pim sparse-mode
exit
int e0/0
ip pim sparse-mode
exit

R5
conf t
ip cef
ipv6 unicast-routing
ipv6 cef
ip multicast-routing
mpls ldp router-id lo 0
mpls label protocol ldp
frame-relay switching
int s1/0
encapsulation frame-relay
no frame-relay inverse-arp
clock rate 128000
frame-relay intf-type dce
no shut
exit
int s1/0.100
frame-relay interface-dlci 100
mpls ip
int e0/1
ip pim sparse-mode
mpls ip
exit

R1
conf t
ip cef
ipv6 unicast-routing
ipv6 cef
ip multicast-routing
mpls ldp router-id lo 0
mpls label protocol ldp
int s1/1
encapsulation frame-relay
no frame-relay inverse-arp
no shut
exit
int s1/1.100
frame-relay interface-dlci 100
mpls ip
ip pim sparse-mode
int s1/1.8
frame-relay interface-dlci 18
mpls ip
ip pim sparse-mode
int s1/0
encapsulation frame-relay
no frame-relay inverse-arp
ipv6 address FE80::14 link-local
frame-relay map ip 10.8.14.4 200 broadcast
frame-relay map ip 10.8.14.1 200
frame-relay map ipv6 2001:8:8:14::1 200
frame-relay map ipv6 2001:8:8:14::4 200 broadcast
frame-relay map ipv6 FE80::41 200 broadcast
ip pim sparse-mode
mpls ip
no shut
exit
int e0/1
ip pim sparse-mode
exit
int e0/0
ip pim sparse-mode
exit

R4
conf t
ip cef
ipv6 unicast-routing
ipv6 cef
ip multicast-routing
mpls ldp router-id lo 0
mpls label protocol ldp
frame-relay switching
int s1/1
encapsulation frame-relay
no frame-relay inverse-arp
clock rate 128000
frame-relay intf-type dce
ipv6 address FE80::42 link-local
frame-relay map ip 10.8.24.2 28 broadcast
frame-relay map ip 10.8.24.4 28
frame-relay map ipv6 2001:8:8:24::4 28
frame-relay map ipv6 2001:8:8:24::2 28 broadcast
frame-relay map ipv6 FE80::24 28 broadcast
ip pim sparse-mode
mpls ip
no shut
exit
int s1/0
encapsulation frame-relay
no frame-relay inverse-arp
clock rate 128000
frame-relay intf-type dce
ipv6 address FE80::41 link-local
frame-relay map ip 10.8.14.1 200 broadcast
frame-relay map ip 10.8.14.4 200
frame-relay map ipv6 2001:8:8:14::4 200
frame-relay map ipv6 2001:8:8:14::1 200 broadcast
frame-relay map ipv6 FE80::14 200 broadcast
ip pim sparse-mode
mpls ip
no shut
exit
int e0/1

R2
conf t
ip cef
ipv6 unicast-routing
ipv6 cef
ip multicast-routing
mpls ldp router-id lo 0
mpls label protocol ldp
int s1/0
encapsulation frame-relay
no frame-relay inverse-arp
ipv6 address FE80::24 link-local
frame-relay map ip 10.8.24.4 28 broadcast
frame-relay map ip 10.8.24.2 28
frame-relay map ipv6 2001:8:8:24::2 28
frame-relay map ipv6 2001:8:8:24::4 28 broadcast
frame-relay map ipv6 FE80::42 28 broadcast
ip pim sparse-mode
mpls ip
no shut
exit
int e0/0

int vlan 16
ip ospf priority 255
int vlan 36
ip ospf priority 255
int vlan 68
ip ospf priority 255
exit
router rip
version 2
no auto-summary
passive-interface default
no passive-interface vlan 69
network 10.28.69.0
redistribute ospf 100 metric 5
exit

SW3
conf t
sdm prefer dual-ipv4-and-ipv6 default
ip routing
ip multicast-routing
router ospf 100
router-id 18.8.8.8
passive-interface vlan 500
network 18.8.8.8 0.0.0.0 area 0
network 10.28.68.8 0.0.0.0 area 0
network 10.28.188.8 0.0.0.255 area 500
area 0 filter-list prefix VLAN500 out
exit
ip prefix-list VLAN500 deny 10.28.188.0/24
ip prefix-list VLAN500 permit 0.0.0.0/0 le 32
router eigrp 8
no auto-summary
network 10.8.18.8 0.0.0.0
network 10.8.28.8 0.0.0.0
exit
router rip
version 2
no auto-summary
passive-interface default
no passive-interface vlan 89
network 10.28.89.0
exit

network 150.3.8.0 0.0.0.255
redistribute rip metric 1544 20000 1 255 1500
exit
router rip
version 2
no auto-summary
passive-interface default
no passive-interface vlan 89
no passive-interface vlan 69
network 18.9.9.9
network 10.28.89.0
network 10.28.69.0
redistribute eigrp 100 metric 5
exit

R1
conf t
router ospf 100
router-id 18.1.1.1
network 18.1.1.1 0.0.0.0 area 1
network 10.28.16.1 0.0.0.0 area 1
network 10.28.15.1 0.0.0.255 area 1
area 1 nssa
exit
int e0/1
ip ospf priority 0
exit
router eigrp 8
no auto-summary
network 10.8.18.1 0.0.0.0
network 10.8.14.1 0.0.0.0
network 10.8.15.1 0.0.0.0
distance eigrp 90 100
exit
access-list 2 permit host 18.2.2.2

R3
conf t
router ospf 100
router-id 18.3.3.3
network 18.3.3.3 0.0.0.0 area 1
network 10.28.36.3 0.0.0.0 area 1
network 10.28.35.3 0.0.0.255 area 1
area 1 nssa
exit
int e0/0
ip ospf priority 0
exit

R5
conf t
router ospf 100
router-id 18.5.5.5
network 18.5.5.5 0.0.0.0 area 1
network 10.28.35.5 0.0.0.0 area 1
network 10.28.15.5 0.0.0.255 area 1
area 1 nssa
redistribute eigrp 8 subnets
exit
router eigrp 8
no auto-summary
network 10.8.45.5 0.0.0.0
network 10.8.15.5 0.0.0.0
redistribute ospf 100 metric 1544 2000 1 255 1500
exit
int e0/1
delay 10000
exit
int s1/0.100
ip ospf cost 1000
exit

R4
conf t
router eigrp 8
no auto-summary
network 18.4.4.4 0.0.0.0
network 10.8.45.4 0.0.0.0
network 10.8.14.4 0.0.0.0
network 10.8.24.4 0.0.0.0
exit
int e0/1
delay 10000
exit

R2
conf t
router eigrp 8
no auto-summary
network 18.2.2.2 0.0.0.0
network 10.8.28.2 0.0.0.0
network 10.8.24.2 0.0.0.0
exit
================
tclsh
foreach address {
10.8.14.1
10.8.15.1
10.8.18.1
10.28.15.1
10.28.16.1
18.1.1.1
10.8.24.2
10.8.28.2
18.2.2.2
10.28.35.3
10.28.36.3
18.3.3.3
10.8.14.4
10.8.24.4
10.8.45.4
18.4.4.4
10.8.15.5
10.8.45.5
10.28.15.5
10.28.35.5
18.5.5.5
10.28.16.6
10.28.36.6
10.28.68.6
10.28.69.6
18.6.6.6
10.8.18.8
10.8.28.8
10.28.68.8
10.28.89.8
10.28.188.8
18.8.8.8
10.28.69.9
10.28.89.9
18.9.9.9
150.3.8.1
150.3.8.254
} {ping $address}
========================
2.6 BGP
SW1/SW3/R2/R4/R5/R3
neighbor 18.1.1.1 transport connection-mode passive
neighbor 18.1.1.1 password cisco
address-family ipv4
neighbor 18.1.1.1 activate

R1
neighbor 18.2.2.2 remote-as 8
neighbor 18.2.2.2 update-source lo 0
neighbor 18.2.2.2 transport connection-mode active
neighbor 18.2.2.2 password cisco
neighbor 18.3.3.3 remote-as 8
neighbor 18.3.3.3 update-source lo 0
neighbor 18.3.3.3 transport connection-mode active
neighbor 18.3.3.3 password cisco
neighbor 18.4.4.4 remote-as 8
neighbor 18.4.4.4 update-source lo 0
neighbor 18.4.4.4 transport connection-mode active
neighbor 18.4.4.4 password cisco
neighbor 18.5.5.5 remote-as 8
neighbor 18.5.5.5 update-source lo 0
neighbor 18.5.5.5 transport connection-mode active
neighbor 18.5.5.5 password cisco
neighbor 18.6.6.6 remote-as 8
neighbor 18.6.6.6 update-source lo 0
neighbor 18.6.6.6 transport connection-mode active
neighbor 18.6.6.6 password cisco
neighbor 18.8.8.8 remote-as 8
neighbor 18.8.8.8 update-source lo 0
neighbor 18.8.8.8 transport connection-mode active
neighbor 18.8.8.8 password cisco
exit

R5
conf t
router bgp 8
neighbor 150.2.8.254 remote-as 254
address-family ipv4
neighbor 150.2.8.254 activate
neighbor 18.1.1.1 next-hop-self
exit

SW4
conf t
router bgp 144
bgp router-id 18.9.9.9
neighbor 10.28.69.6 remote-as 8
neighbor 10.28.89.8 remote-as 8
maximum-paths 2
exit

SW1
conf t
router bgp 8
neighbor 10.28.69.9 remote-as 144
address-family ipv4
neighbor 10.28.69.9 activate
exit

SW3
conf t
router bgp 8
neighbor 10.28.89.9 remote-as 144
address-family ipv4
neighbor 10.28.89.9 activate
exit
==========================================
2.8 MPLS
Note: mpls interface configuration already done in Section 1.7

SW2
conf t
ip routing
ip cef
ip vrf SITE1
rd 3:3
ip vrf SITE2
rd 2:2
exit
int lo 71
ip vrf forwarding SITE1
ip add 71.71.71.71 255.255.255.255
exit
int e0/3
ip vrf forwarding SITE1
ip add 172.16.37.7 255.255.255.0
no shut
exit

ip add 72.72.72.72 255.255.255.255
exit
int e0/2
ip vrf forwarding SITE2
ip add 172.16.27.7 255.255.255.0
no shut
exit

address-family ipv4 vrf SITE1
network 71.71.71.71 mask 255.255.255.255
network 172.16.37.0 mask 255.255.255.0
neighbor 172.16.37.3 remote-as 8
neighbor 172.16.37.3 activate
exit
address-family ipv4 vrf SITE2
network 72.72.72.72 mask 255.255.255.255
network 172.16.27.0 mask 255.255.255.0
neighbor 172.16.27.2 remote-as 8
neighbor 172.16.27.2 activate
exit

ip vrf SITE1
rd 3:3
route-target both 3:3
route-target import 2:2
exit

neighbor 172.16.37.7 remote-as 777
neighbor 172.16.37.7 activate
neighbor 172.16.37.7 as-override
exit

ip vrf SITE2
rd 2:2
route-target both 2:2
route-target import 3:3
exit
router bgp 8
neighbor 18.5.5.5 remote-as 8
neighbor 18.5.5.5 update-source lo 0
address-family vpnv4
neighbor 18.5.5.5 activate
neighbor 18.5.5.5 send-community extended
address-family ipv4 vrf SITE2
neighbor 172.16.27.7 remote-as 777
neighbor 172.16.27.7 activate
neighbor 172.16.27.7 as-override
exit

R5
conf t
router bgp 8
neighbor 18.2.2.2 remote-as 8
neighbor 18.2.2.2 update-source lo 0
neighbor 18.3.3.3 remote-as 8
neighbor 18.3.3.3 update-source lo 0
address-family vpnv4
neighbor 18.2.2.2 activate
neighbor 18.3.3.3 activate
neighbor 18.2.2.2 route-reflector-client
neighbor 18.3.3.3 route-reflector-client
exit
================================
ipv6 unicast-routing
ipv6 cef
ipv6 router ospf 100
router-id 18.6.6.6
exit
int lo 0
ipv6 address 2001:28:8:6::6/128
ipv6 ospf 100 area 0
exit
int vlan 68
ipv6 address 2001:28:8:68::6/64
ipv6 ospf 100 area 0
exit

SW3
conf t
ipv6 unicast-routing
ipv6 cef
ipv6 router ospf 100
router-id 18.8.8.8
redistribute eigrp 8
redistribute connected
exit
ipv6 router eigrp 8
router-id 18.8.8.8
redistribute ospf 100 metric 10000 2000 255 1 1500
redistribute connected metric 10000 2000 255 1 1500
no shut
exit
int lo 0
ipv6 address 2001:28:8:8::8/128
ipv6 ospf 100 area 0
exit
int vlan 68
ipv6 address 2001:28:8:68::8/64
ipv6 ospf 100 area 0
exit
int vlan 18
ipv6 address 2001:8:8:18::8/64
ipv6 eigrp 8
exit
int vlan 28
ipv6 address 2001:8:8:28::8/64
ipv6 eigrp 8
exit

no shut
exit
int lo 0
ipv6 eigrp 8
int e0/0
ipv6 eigrp 8
int s1/0
ipv6 eigrp 8

R4
conf t
ipv6 router eigrp 8
router-id 18.4.4.4
no shut
exit
int lo 0
ipv6 eigrp 8
int e0/1
ipv6 eigrp 8
int s1/0
ipv6 eigrp 8
int s1/1
ipv6 eigrp 8

R1
conf t
ipv6 router eigrp 8
router-id 18.1.1.1
no shut
exit
int lo 0
ipv6 eigrp 8
int e0/0
ipv6 eigrp 8
int s1/0
ipv6 eigrp 8
int s1/1.8
ipv6 eigrp 8
exit
int tunnel 13
ipv6 address 2001:13:13:13::1/64
tunnel source lo 0
tunnel destination 18.3.3.3
ipv6 eigrp 8
exit

router-id 18.5.5.5
no shut
exit
int lo 0
ipv6 eigrp 8
int e0/1
ipv6 eigrp 8
int s1/0.8
ipv6 eigrp 8
exit

R3
conf t
ipv6 router eigrp 8
router-id 18.3.3.3
no shut
exit
int lo 0
ipv6 eigrp 8
int tunnel 13
ipv6 address 2001:13:13:13::3/64
tunnel source lo 0
tunnel destination 18.1.1.1
ipv6 eigrp 8
exit
=========================
int lo 0
ip pim sparse-mode
int vlan 16
ip pim sparse-mode
int vlan 36
ip pim sparse-mode
int vlan 68
ip pim sparse-mode
ip pim dr-priority

SW3
conf t
ip multicast-routing
int lo 0
ip pim sparse-mode
int vlan 18
ip pim sparse-mode
int vlan 28
ip pim sparse-mode
int vlan 68
ip pim sparse-mode
int vlan 500
ip pim sparse-mode
exit

R3
conf t
int lo 1
ip add 200.100.100.100 255.255.255.255
no shut
exit
router ospf 100
network 200.100.100.100 0.0.0.0 area 1
exit
ip msdp peer 18.2.2.2 connect-source lo 0
ip msdp originator-id lo 0
ip pim bsr-candidate lo 1
ip pim rp-candidate lo 1
exit

R2
conf t
int lo 1
ip add 200.100.100.100 255.255.255.255
no shut
exit
router eigrp 8
network 200.100.100.100 0.0.0.0
exit
ip msdp peer 18.3.3.3 connect-source lo 0
ip msdp originator-id lo 0
ip pim bsr-candidate lo 1
ip pim rp-candidate lo 1
exit

R4
conf t
int e0/1
ip igmp join-group 232.1.1.1
exit
do wr
int lo 0
ip pim sparse-mode
exit

conf t
ip access-list extended FILTER
permit tcp any any eq smtp
permit tcp any eq smtp any
permit tcp any any eq www
permit tcp any eq www any
permit udp any any eq domain
permit udp any eq domain any
permit icmp any any
exit
vlan access-map BLOCK 10
action forward
match ip address FILTER
exit
vlan filter BLOCK vlan-list 500

crypto key generate rsa
line con 0
no login local
line vty 0 4
login local
transport input none
transport input ssh
exit

Verify with R3
ssh -l admin 18.5.5.5
ssh -l guest 18.3.3.3
===================================
R2/R3
conf t
! match-any: a packet carries a single qos-group value, so match-all on several values never matches
class-map match-any QOSGROUP123
match qos-group 1
match qos-group 2
match qos-group 3
class-map match-all QOSGROUP5
match qos-group 5
class-map match-any QOSGROUP467
match qos-group 4
match qos-group 6
match qos-group 7
policy-map INBOUND
class class-default
set qos-group mpls experimental topmost
exit
policy-map SHAPING
class class-default
shape average 3000000
set prec qos-group
service-policy CE-FACING
exit
int s1/0
service-policy input INBOUND
exit
int e0/1
no service-policy output CE-FACING
service-policy output SHAPING
exit

1) ping vrf SITE 1 target ip : 72.72.72.72 Datagram : 150000 (if R1 has police with set-mpls-exp-transmit 4 TOS : 160
2) ip access-list extended QOSTEST
10 permit ip any any precedence routine
20 permit ip any any precedence priority
30 permit ip any any precedence immediate
40 permit ip any any precedence flash
50 permit ip any any precedence flash-override
60 permit ip any any precedence critical
70 permit ip any any precedence internet
80 permit ip any any precedence network

route-map LO148
R4
conf t
int lo 148
ip add 148.0.0.4 255.255.255.255
exit
router eigrp 8
network 148.0.0.4 0.0.0.0
exit

4.6 NTP
R1
conf t
ntp master 1
clock calendar-valid
ntp source lo 0
ntp update-calendar

R3/R5
conf t
ip access-list extended ICMP_ECHO
permit icmp any any echo
permit icmp any any echo-reply
class-map SSH
match access-group name SSH
class-map ICMP_LIMIT
match access-group name ICMP_ECHO
class-map match-any BLOCK
match access-group name HTTP
policy-map CONTROL
class SSH
police cir 16000 conform-action transmit exceed-action drop
class ICMP_LIMIT
police rate 100 pps burst 10 packets
class BLOCK
drop
exit
control-plane
service-policy input CONTROL
===================================================