- 积分
- 0
- 鸿鹄币
- 个
- 好评度
- 点
- 精华
- 注册时间
- 2010-9-23
- 最后登录
- 1970-1-1
- 阅读权限
- 0
- 听众
- 收听
游客
|
太多的朋友关注我了,我本来不想写战报了,因为前面的战报内容已经和考试内容基本一致了,没有太大的改变,除了TS的考试点要注意。下面我来说说我的情况吧!
, V1 H7 l! J0 S7 e1 c2 T" M 字数有点多,但是我已经减了无数字了,希望大家都能全部看完,因为这会让你在接下来的考试得到一个明确的解决办法。
4 \) V' u0 L: U. Y 1 a( Y7 D3 s, y r! a5 k" u' d* Q
,我正常去HK考试,发现人都到的很早哦,7点45分就有4个人了。人齐后,其中4个路由交换(1个新加波),1个语音,1个安全(印度人)。
& W5 h3 B+ m- B& m y 开考后,除了32号机架的是TS2,其他全部人都是TS1。而我就是坐38号机架的位置上。; T1 i2 [. U$ {% {
填完个人信息后开始考试,但是一开始就发现了一个平时不常发现的问题。就是设备号和配置不匹配。具体怎么说呢?好比TS1的帧中继部分是R22---FR—R23,我打开R22,显示的hostname是R22但是里面的端口却是R23的端口,然后打开R23,竟然里面全部是R22的内容。那就出现了部分信息重叠和混搭了。因为考试的时候不主张问考官,而且还是一开始就问,这样会显得没有配错能力。所以我就开启设备管理器,去重启所有路由器设备,然后重新加载设备。在长达20分钟的重启和加载,问题还是没能得到解决。在万般无奈之下,我举手找考官,Bruce来了后也开始发现了我的这个问题,他的操作是从第一台设备重启到最后一台设备,逐个按钮按(这是最郁闷的…),然后全部重启后,再从第一个设备重新加载到最后一个设备,(这个更加郁闷…心都快憋死了)但是依然也没能解决这个问题。Bruce告诉我先别动设备,他就回去自己的座位帮我弄,过了大约5分钟,Bruce又来了我这,又 把上面的步骤重复了一次(心都快吐血了),在这次完成后,发现设备号终于和配置对上号了。在确定基本没有问题后,Bruce说我是在开考20分钟后举手,而他是花了我20分钟来解决这个问题,所以他提出还我20分钟。我谢过Bruce,开始了这趟TS旅程。: O" i/ E4 E$ K2 C, X/ d4 U1 Q& [
正式开始后,第一题就是FR,可是我在FR设备看到的所有端口都是管理DOWN的,并且怎么看都不像是有配置的那种。不知道是不是设备还没弄好,我就又开始重启设备。希望能恢复有配置的设备。在过了3分钟左右,设备好像加载了配置,但是我在R22和R23上面去补充完命令后,show fram map 看到的却是一片空白,并不是inactive 或者 deleted。这个时候说不紧张是骗你的。我看看时间,一分一秒的过去,我还没开始正式参与到考试中,那个感觉就像坐云霄飞车,冲到天空的时候你被抛了出去一样。那是一种绝望的感觉。
4 n9 \. V# Z; [; ~: @* K: f2 A# i7 O 因为不能因为一条题目而影响整个TS的进度,我毅然决定跳过。/ x% }- w/ M4 Y* {1 G
第二题是交换的题目,问题和战报说的大体一致,也是那么个情况,可是就算我怎么努力的去弄,但是都还是无法让R14学到正确的路由信息,或者可以说R14上只有直连路由的信息。
( n' S [: ^) G( d3 u! m( H 因为不能因为一条题目而影响整个TS的进度,我毅然决定又跳过。
% s9 e1 ^8 P! K3 W" K! H 去到MPLSBGP的地方,这个点和战报说的一样,是要解决所以PE需要看到其他的PE有两个RR,但是TR点却并不是我们平时战报说的那样简单。我把所有可能出现的问题都看过了,都弄了一遍,都无法解决。
8 y8 p. O3 h6 _6 P- D2 M; K* v 因为不能因为一条题目而影响整个TS的进度,我毅然决定又跳过….好了后面大家都应该可以知道了,我这份TS都不知道跳过了多少题。' Q; y) V5 r( L% j) _
- O5 B2 ~! t: F' Y 在考试的2个小时里面,我花了30分钟解决设备问题。然后有个最主要的问题是38号机架的速度非常非常慢,慢到什么情况呢,开一个R19,我想show run | b ip dhcp 要等上接近足足2分钟时间(放心,绝对足金足两)。所以在所有设备上的SHOW命令的等待时间,就可以用去我30分钟以上的时间,这个时间是绝对的。如果配置多,这个30分钟可能还是很保守的。
3 Z5 ]3 o+ _ }! A2 A3 a. Y+ P 所以最终我只有不到1个小时的时间来排除这些问题。2 ~) F/ l$ B# ~9 V" k4 a. p3 I: ]
这里有个绝对建议,希望各位接纳:
6 ~8 y: S; O3 m在平时,各位要保证能在40分钟内解决完所有的TS内容,并且可以保证每次的show命令都是准确到位,绝对不能出现show错,或者看些并不能正确解决问题的show命令,因为那个延迟会让你丧失所有的斗志。7 M) E9 ?1 m1 k( ~
对TS的错误点要有100%的准确。你一定要记住这个地方考的是什么,能立竿见影!( [4 G; m L" |# w9 i$ j
你要清楚明白这个考点可能涵盖的其他所有信息。
8 L/ E8 E3 k& b: u% d5 W: I$ R7 x/ A比如MPLS,你要知道mpls-label这个命令的作用,并且知道交流LDP的Loopback号和显示show ip bgp的Loopback号不同的情况下怎么弄。3 I7 o; O. l: t, j
最后在设备的延迟,在能力不足的情况下,结果以杯具告终。/ H7 A# C' v! L, ~; i( w
好了,我想,或许也是一个时段的结束吧,而这个杯具的人是:小一。4 D3 h. T+ K7 v& c1 _! a
3 K, j! m! H2 r. O/ v
我没有什么东西能送给大家,这些是我准备的TS步骤解决方案,本来不打算公开的。但是现在还是发上来给大家做个参考吧,这些解决方案只是针对部分TS的部分错误,并不代表全部内容。
8 N8 [# `1 J0 D& B9 ]' _这里有个小小的请求:看了这个解决方案的朋友就自己保留好了,不要转发,虽然不是什么奇珍异宝,但是也是我的个人心血。如果谁需要就叫他们自己去下载战报吧!不下载的就不要发这个信息给他们了。谢谢各位对我的理解和支持。
7 d6 M8 _$ B% V2 t0 I9 o# T! e% r: u$ Y
1 H; J7 w( Y/ }9 P' X, v* V, |1 k9 {/ T/ j" R1 V
+ k0 Z6 L+ j6 u ~% U1 _( q; m. b
" R0 h' k0 M H# ^1 j
$ Z& I1 m2 q; X0 h
# ]7 A. _6 s& C. [7 I2 {& L) ?" }2 W: E6 U! ?. D" z$ h
' a6 Q1 `# Y% Y8 N/ E" j5 @, d7 W
: U: e# S+ f/ [3 W& Q" J7 }
! y0 {8 C# s" u7 m- I$ \: w) h- L& _& Y7 V. ?" K4 |
TS1
# x* S/ ]/ T- H5 \这里的题目均是参照排错题目和部分战报制作而成。
* E& @3 U% E/ R$ |+ w4 ?" a+ y如需要获得更多详细的信息,请参考以下两份战报。7 M; V# d4 B7 c3 @6 n
1.20110211 成都互联神州 超详细 新TS1++ K2 HK Francisco Fail
3 J! Z% {5 }0 U3 K5 c6 c0 o1 f2.TS1总结(完全冲刺版)3 c2 x8 [ n3 A6 I/ B3 g
此步骤和解释均是个人见解,如有任何理解上的错误或是解释上的错误,请忽略。( {6 R3 J, r6 q8 Z2 T% |" S5 _. U
1.R16 can NOT ping R19 loopback0, The flow should redundancy with both. Can NOT use static route.9 x8 \$ N+ w7 W. H3 M
R16#show ip route: z- ]. ~9 ?# _ K% Y+ K+ N, Z
172.14.0.0/16 is variably subnetted, 2 subnets, 2 masks
# C6 Q: c* S1 @: pD 172.14.0.0/16 is a summary, 00:13:03, Null0, P3 u" d* `8 O2 B! V6 b! i
C 172.14.12.8/29 is directly connected, Ethernet1/0* d0 u9 Q6 l7 ~' q( w+ c7 }
10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks: j& x% v" N0 E- b: s
D 10.0.0.0/8 is a summary, 00:13:01, Null06 M3 l( G/ @- `9 I! j, K
C 10.1.1.16/32 is directly connected, Loopback0
5 @: m9 o1 G0 ?- cR16#4 l8 ~+ h3 ^$ r- x0 ~
//先验证,看不到有R19的loopback口地址,并且所有的EIGRP地址都是汇总地址。* a$ C$ R$ @& w1 X& i
//这里可以发现,R16从R17和R18处收到的EIGRP路由是汇总路由(auto-summary)
`* @! q }8 M% T* BR16#show ip pro6 N0 D0 M# n5 E3 D7 \1 R
Routing Protocol is "eigrp 200"
6 I9 C& l' J0 p7 L4 W' lR16#show run | be r eigrp 200: M; t. `, g/ ?$ B
router eigrp 200) E% P2 N3 y5 H9 I
network 10.1.1.16 0.0.0.01 ?5 A8 \: f) y! [' b V6 K$ r0 C
network 172.14.12.0 0.0.0.3/ Y) n. M1 Z# l t
network 172.14.12.8 0.0.0.7e
3 g1 R/ X) a8 | g% d+ Z auto-summary* ], C/ h8 X9 P. V
R16#conf t8 g5 w0 O7 k# c7 ~( M
R16(config)#router eigrp 200+ @$ E' F4 N. M! q) H
R16(config-router)#no auto-summary( e7 \- A1 r& L+ v. N, g
R16(config-router)#/ ~/ X: @3 z. a6 N e A- R
Mar 1 00:16:29.647: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 200: Neighbor 172.14.12.11 (Ethernet1/0) is resync: summary configured; ]7 P5 r# X8 ]
Mar 1 00:16:29.647: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 200: Neighbor 172.14.12.10 (Ethernet1/0) is resync: summary configured! q* f+ E/ \1 C1 d0 U$ C5 S
R17#show run | be r eigrp 200
, \; u1 P1 |* d! X' }7 \" C/ frouter eigrp 200" b. ^2 ]( k7 n q% r1 J1 q
network 10.1.1.17 0.0.0.0" ]9 H3 O0 O" w! ~2 r
network 172.14.12.8 0.0.0.7# |/ g: y, F! _# j7 m6 M' ^
network 172.14.12.16 0.0.0.7
3 J! q8 ?7 }6 H" z auto-summary( I8 J; L' h' g& A9 w: f& s
R17(config)#router eigrp 200
) O1 n, O7 E0 }: a b) a7 |& JR17(config-router)#no auto-summary
4 ]$ V3 V0 Z$ `$ X- } @0 N9 `- n& ]R17(config-router)#
4 d3 v! Z3 F- @6 F( W*Mar 1 00:17:23.725: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 200: Neighbor 172.14.12.12 (Ethernet0/0) is resync: summary configured
" x! K# C/ D' k: c. T2 B$ p*Mar 1 00:17:23.725: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 200: Neighbor 172.14.12.11 (Ethernet0/0) is resync: summary configured- |2 t" r" g& C; o
R18#show run | b r eigrp 200
! Q ~$ Q( }+ U. j0 n" C3 Vrouter eigrp 200/ U* g* b d2 h1 e! @! Q K* F
network 10.1.1.18 0.0.0.0
v$ p8 L( x& T! ` network 172.14.12.8 0.0.0.78 p' m$ p! `6 j9 a& h- J0 U
network 172.14.12.16 0.0.0.7
9 {& l' g3 \1 u4 i( ` auto-summary
$ i. u7 I! y9 i6 eR18(config)#router eigrp 200
# G! B! `# j1 W' T `: |. A, ]9 vR18(config-router)#no auto-summary
$ \$ S9 E0 o; Q D# ]7 mR18(config-router)# H3 F0 i+ o' l
*Mar 1 00:18:39.347: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 200: Neighbor 172.14.12.12 (Ethernet0/0) is resync: summary configured
- M7 `/ u7 P, o*Mar 1 00:18:39.351: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 200: Neighbor 172.14.12.10 (Ethernet0/0) is resync: summary configured
+ R! Q! U' b1 m% `! s& v: yR16#show ip route; Q X) N4 w$ u# A) ? i" d- \
172.14.0.0/29 is subnetted, 1 subnets* q% g+ o1 B6 e6 c2 E. Q+ [4 [
C 172.14.12.8 is directly connected, Ethernet1/03 e, y N4 T! v5 K
10.0.0.0/32 is subnetted, 3 subnets
+ n- u% g+ b+ h6 v. PD 10.1.1.18 [90/409600] via 172.14.12.11, 00:31:45, Ethernet1/0
3 [- ]$ C4 O" t& y* z& Q2 @C 10.1.1.16 is directly connected, Loopback0
) c, ]/ Y d) a/ ]. D7 TD 10.1.1.17 [90/409600] via 172.14.12.10, 00:33:00, Ethernet1/0
6 N% c* h8 P! I: m% dR16#
, l- t& D- l4 f* [- d/ l, e//这个时候,R16可以收到R17和R18发过来的明确路由了,但是依然没有R19的物理接口路由和Loopback口路由。
8 e" P# Q% {& t" Q1 y//去R17和R18上看看有没有R19的直连路由。
% X5 ]) i3 ` t( YR17#show ip route
1 G( x2 j; i- \. O3 w 172.14.0.0/29 is subnetted, 1 subnets {: h1 g2 C3 _; q/ E
C 172.14.12.8 is directly connected, Ethernet0/0* ~& x( k6 @7 Q0 ]. [" o. j
10.0.0.0/32 is subnetted, 3 subnets
2 Z' g7 ?2 c( B+ x4 iD 10.1.1.18 [90/409600] via 172.14.12.11, 00:32:38, Ethernet0/0
' e5 \% q/ Y- Q8 @9 E( ?D 10.1.1.16 [90/409600] via 172.14.12.12, 00:01:47, Ethernet0/0
' ~ Z0 p( f0 t; R, H9 @C 10.1.1.17 is directly connected, Loopback0
/ f; E* z; f/ _2 c//R17也没有R19的直连路由,查看接口地址是否UP。
2 o1 X$ X: j* t7 c6 _( M6 |% qR17#show ip int br6 w# b1 ?, M* x! G4 C
Interface IP-Address OK? Method Status Protocol+ y1 i3 f. I' g5 o
Ethernet0/0 172.14.12.10 YES NVRAM up up ! p' q! }; k. b2 K' {0 q3 X; n/ G
Ethernet0/1 unassigned YES DHCP up up
7 D0 ]& L6 s' s- yEthernet0/2 unassigned YES NVRAM administratively down down
& P9 O. z9 L1 c# f3 i/ XEthernet0/3 unassigned YES NVRAM administratively down down* k3 j$ |( {& S. Y7 i
Loopback0 10.1.1.17 YES NVRAM up up
8 ~1 o7 z3 |9 ~0 b; t! |$ o1 i3 zR17#, x; |8 H! G. n0 z/ @+ U
//发现R17连R19的E0/1是通过R19的DHCP分配的,因此去检查R19的配置。
5 w9 W+ }3 W# S/ v0 YR19#show ip dhcp pool
' F' A1 @6 Y# N9 o8 D* vPool dhcp :% v! F0 |' Y3 U! ~* R. V% A9 W3 ~
Utilization mark (high/low) : 100 / 0: `! ^) y1 C8 U5 m8 \! X
Subnet size (first/next) : 0 / 0) R& W4 `9 a1 ]' c' I6 r: r
Total addresses : 6
" V5 E( D; v4 b9 G7 M Leased addresses : 09 D1 {# a2 F" l) w
Pending event : none
( }" R- k) a0 \ 1 subnet is currently in the pool :
5 |/ o$ d5 S% q# Z- `2 K9 V" V Current index IP address range Leased addresses- o3 }! T/ @ V
172.14.12.17 172.14.12.17 - 172.14.12.22 0/ U/ w' B8 U) D5 _
R19#0 U1 O8 H3 r* j/ S9 ^ m6 x9 L( \8 _
//R19的DHCP地址池中一共有6个地址,被使用的是0个。地址池的范围是: 172.14.12.17 - 172.14.12.22
& {# c8 w# o: ~+ Y//检查R19的物理端口。
$ f; T# v% z! q) C. GR19#show run int e0/0
/ G8 q) |9 O# h. f3 {. ointerface Ethernet0/05 y6 X l+ r5 R7 X# k/ `0 n d
ip address 172.14.12.19 255.255.255.248: G1 e) N9 q4 z- E7 F& Q
ip authentication mode eigrp 200 md5
: W# X, y* W3 Z ip authentication key-chain eigrp 200 eigrp
/ m- w. n# H% w$ F0 g half-duplex t" a- {( M4 K" ]6 _5 p
end. ?9 u2 B+ V5 ~3 Z
//地址掩码匹配正确。255.255.255.248 是/29位地址,每八位递增一个子网地址,那么172.14.12.0的下一个子网地址如下:
1 Z# Q; N! ^( t4 i, e% M- ?% U//子网地址为:172.14.12.16
* n7 g% I# h5 D- u8 v//广播地址为:172.14.12.232 i" ^; `$ [- t7 g1 |! E9 R: m* j! x
//可使用主机范围:172.14.12.17-172.14.12.22
6 q4 J" b: K7 j. `3 e+ l1 n( d3 ~//检查是否有命令把DHCP给block掉了。9 T4 I6 ~, @7 g# P3 I: h7 j" E
R19#show policy-map
- x. F) R T6 Y3 m0 X Policy Map xx
: Q0 E2 w9 b6 H5 J" i) C, }0 S3 A Class xx
6 m4 `& n/ k5 \4 v4 j" ~: Q$ T! a drop
/ h2 ^7 T+ u5 D# B2 UR19#show class-map xx) |6 W, x$ \5 n/ b% d
Class Map match-all xx (id 1)
1 n1 N3 @( [& ^3 Q Match access-group 100
) ]$ i8 T9 a' _( ]6 h! AR19#show access-lists. Y7 j: k- P/ y/ G* _
Standard IP access list 1, L. V/ F3 p+ B5 s8 `% V, {
10 permit 172.14.12.0, wildcard bits 0.0.0.255$ }/ p2 Z2 @7 l1 ^
Extended IP access list 100( Y# T$ ^. P# w2 N8 ~
10 permit ip any any (52 matches)2 \9 l+ m; U9 F, m, b, d' H( c
20 deny udp any any
0 t H0 @+ f9 y, d, k; k eR19#0 \; r- c. T* W% P! k# t2 G. C
//可以发现,R19通过policy-map把IP包的数据流给drop掉了。$ L- S4 a8 l8 c7 a' ?1 |, ~
R19(config)#policy-map xx
, v0 a% k/ w6 YR19(config-pmap)#class xx3 U6 L/ l( Y1 Z; N8 J- G9 w
R19(config-pmap-c)#no drop
3 i; r Z% e4 W. uR19(config-pmap-c)#
% o8 Z; e, d, j*Mar 1 00:07:09.851: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 200: Neighbor 172.14.12.17 (Ethernet0/0) is up: new adjacency$ Z( W- _! W6 s9 c, V) D
*Mar 1 00:07:10.195: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 200: Neighbor 172.14.12.18 (Ethernet0/0) is up: new adjacency
3 y I9 t! M. g$ J" u* U* s//同一时间查看R17的弹出信息和R18的弹出信息; t8 n$ e- V* a( G% g+ y: v3 z
R17(config)#
8 E+ h5 A9 u# Q7 Y# X*Mar 1 00:07:10.207: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 200: Neighbor 172.14.12.19 (Ethernet0/1) is up: new adjacency: a1 K% V8 w: Z
*Mar 1 00:07:10.523: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 200: Neighbor 172.14.12.18 (Ethernet0/1) is up: new adjacency- c' c3 z: i2 ^, R: o
*Mar 1 00:07:10.959: %DHCP-6-ADDRESS_ASSIGN: Interface Ethernet0/1 assigned DHCP address 172.14.12.17, mask 255.255.255.248, hostname R17. N+ v4 P; D5 P) ~: Q! P/ w
R18(config)#
2 V2 ?7 x' L- z: S8 h- j1 `*Mar 1 00:07:10.795: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 200: Neighbor 172.14.12.17 (Ethernet0/1) is up: new adjacency
" D& ?# a% |( t) A*Mar 1 00:07:10.807: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 200: Neighbor 172.14.12.19 (Ethernet0/1) is up: new adjacency0 k v' \5 ^$ k) {
*Mar 1 00:07:11.887: %DHCP-6-ADDRESS_ASSIGN: Interface Ethernet0/1 assigned DHCP address 172.14.12.18, mask 255.255.255.248, hostname R18
5 i8 K: P: P; z& }- B//这时,R17和R18已经获得了R19的DHCP 服务器分配的IP地址。& h9 X( S7 v( ]1 R
R17#show ip int br, W2 Y1 u6 p% \1 B. V* h' o. \0 Q
Interface IP-Address OK? Method Status Protocol& [8 W7 ~7 i2 d' u4 C
Ethernet0/1 172.14.12.17 YES DHCP up up
& T+ n+ c% I8 E: V6 TR19(config-pmap-c)#do show ip route; s- c5 e8 `$ \* f/ Y6 d B1 Z5 l
192.168.14.0/30 is subnetted, 1 subnets
" T9 z }- z6 l( d, `+ iC 192.168.14.0 is directly connected, Ethernet0/10 A4 r9 a% V" }) c& q, q& K
172.14.0.0/29 is subnetted, 2 subnets2 y( \- v8 a( _7 t! E" J3 ?7 R1 C
D 172.14.12.8 [90/307200] via 172.14.12.18, 00:03:00, Ethernet0/03 W& U: }) F, \
[90/307200] via 172.14.12.17, 00:03:00, Ethernet0/0% A1 w# d/ `$ f! x
C 172.14.12.16 is directly connected, Ethernet0/00 A* @ K& k0 Z
10.0.0.0/32 is subnetted, 4 subnets: K/ r% y3 g* q; h; [6 F. i0 M. F
D 10.1.1.18 [90/409600] via 172.14.12.18, 00:03:00, Ethernet0/0+ d. U0 Z; \9 m8 x7 }0 v& I4 m) h- D
C 10.1.1.19 is directly connected, Loopback0
$ A6 J( M7 Q9 Z6 \" x( ~* KD 10.1.1.16 [90/435200] via 172.14.12.18, 00:03:00, Ethernet0/0
& C6 c! b6 L3 ^% l1 D [90/435200] via 172.14.12.17, 00:03:00, Ethernet0/0% M8 |+ w. J3 D; f; d, N1 B6 k
D 10.1.1.17 [90/409600] via 172.14.12.17, 00:03:00, Ethernet0/0
) X+ U: f) I5 e' D. n//R19和R16,分别有了负载均衡到对方的路由,并且可以Ping通。0 E8 @$ U0 `' U+ r
R19#ping 10.1.1.16
w- h$ f9 U1 @' X5 O VType escape sequence to abort.6 o6 z( Q$ Q5 m k" V
Sending 5, 100-byte ICMP Echos to 10.1.1.16, timeout is 2 seconds:
; C( }, A& a% O!!!!!- ^7 _! S, y8 i5 K" }" z1 C
Success rate is 100 percent (5/5), round-trip min/avg/max = 96/109/136 ms T& o7 u2 Z# |; _6 `" v
R19#) R6 q$ ^5 O' @, ^% \. O
R16#ping 10.1.1.19/ R; F) k3 o' C6 Q; P- m8 ~6 c
Type escape sequence to abort.
7 g, m G5 U ~9 B% n+ [! BSending 5, 100-byte ICMP Echos to 10.1.1.19, timeout is 2 seconds:
( B8 g1 p8 G2 g& w9 S4 T4 |) u!!!!!
6 [% V, e- N+ z3 C$ TSuccess rate is 100 percent (5/5), round-trip min/avg/max = 92/120/148 ms
/ c* S, L7 h5 ?- [! w/ UR16#
* b5 b: z* {) i: u7 K2.R15 and R16 can NOT established EIGRP.
; A. p3 m8 `- yR16#show ip int br
2 ~: s5 f$ X6 OInterface IP-Address OK? Method Status Protocol
# w+ l1 `0 p. F' w3 ?) V& {Serial0/0 172.14.12.1 YES NVRAM up down
, _6 ^& p# c& ?* Y. Y//首先在R16上确认情况是否属实
3 W" t6 t9 X" a- ^+ F+ }R15#show ip int br
& T0 U3 V8 B! H6 X2 O9 g! ZInterface IP-Address OK? Method Status Protocol
# B3 \9 x: Y& aSerial1/0 1.1.10.2 YES NVRAM up down) B- u* _$ l" }) ?9 E
Serial1/1 172.14.12.2 YES NVRAM administratively down down) Z3 T! |1 Q+ o& @: n" {$ j+ D
R15(config)#int s1/16 C! u/ k+ G; I, J! R+ h4 o- E
R15(config-if)#no shut
+ n) h5 H* d; q" {5 p! t+ Q* yR15(config-if)#
3 |, R1 u. l: `. b$ m8 S+ m: @*Mar 1 00:03:25.943: %LINK-3-UPDOWN: Interface Serial1/1, changed state to up. m- M/ b# S7 |% D4 m0 U7 w8 N5 G
//通过这条提示,我们可以知道,物理链路UP,但是没有收到协议UP的消息。* A! U2 s8 u; P+ V7 q6 S7 w
*Mar 1 00:04:41.319: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1/1, changed state to up2 [2 u! O# c: ^: u/ p
*Mar 1 00:04:42.435: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1/1, changed state to down
# _3 B4 A, }( m+ S' }2 p& p//出现协议UP DOWN的情况,多半是认证不通过,此时应检查端口情况。; I9 U1 h, i9 A+ C. e: X$ i
R16#show run int s0/0 l/ [. |; o: G" S1 [+ r
interface Serial0/05 f7 b1 m; l+ k! L! H
ip address 172.14.12.1 255.255.255.2522 R5 m& o k) m# k
encapsulation ppp) X% [. N0 ^) _7 r7 Q1 N& H8 E8 T
serial restart-delay 0$ v0 P h( |* N: R: H
ppp authentication chap; n% Z" ^4 a# T0 X
ppp chap hostname ccie
7 j5 r3 z& r3 p6 I5 c* w( X Fend3 q! D+ H. q8 A9 A
R16#show run | in user
+ y. e5 V6 U0 a# U4 Fusername R15 password 0 cisco2 V! v, u7 N! F: u$ U
//这里可以发现R16开启了PPP认证。
i; B3 f& x1 Z" ~ ~7 B//通过这句话:ppp chap hostname ccie可以知道R16也是被认证端(也就是双向认证)。, Z+ o' j2 t& q! ?5 j* M
R15#show run int s1/17 T3 J4 N i- O/ f6 d; x+ w1 o
interface Serial1/1
" b3 D2 M' ~8 q- N# |& J& k ip address 172.14.12.2 255.255.255.252( { H7 e5 K$ X+ n% K' `
encapsulation ppp( B+ B* R: |5 a2 J/ Y: {( h5 f
serial restart-delay 0; a0 g% ~) z4 g `$ p; K, j. g
clock rate 252000
. E: R+ B+ B9 o1 D ppp authentication chap" u" `0 L% q, l9 u3 _+ b
ppp chap hostname cisco
' W) K; Y. G9 b2 qend
; @6 y2 L2 k/ l/ FR15#show run | in user. Y, b. @& d6 k% q+ Y; m
username R16 password 0 cisco
. |' {! O( }& c+ V3 M4 ^//通过以上信息,可以发现R16和R15双向认证不匹配。
; H9 B1 P4 F7 e1 r这里我们做以下整理:- a q+ X8 U+ [7 O
R16:
g! n: N. Z. n2 yusername R15 password 0 cisco //这里的信息要和R15匹配
! \; J4 ]& n+ }5 ] //username R15 是对应对方的hostname- F+ K6 h7 G% p1 [- L
//password 要双方一样
" K+ P9 a) F& U4 M+ v/ ^7 P+ _' j( YR15:
; e3 \* R( @2 E% eusername R16 password 0 cisco //这里的信息要和R16匹配: n/ A+ C6 ], x/ r# y H* T
//username R16 是对应对方的hostname0 ^$ ]9 B, |7 n1 D, U3 v# G
//password 要双方一样
* V+ q( k- Y( c4 ~* ]4 G( A7 wR16 int s0/0:
/ E9 F' i- s; l) q ppp chap hostname R16 //R15定义对方的username
) e* ?" ?; |$ S/ Z U0 d ppp chap password 0 cisco //R15定义对方的password7 Y1 f6 X/ X2 I. X% A0 d# Q
R15 int s1/1:9 e$ M' j( E# {( p9 C/ q
ppp chap hostname R15 //R16定义对方的username1 g) X7 l- H9 t4 V- w6 L
ppp chap password 0 cisco //R16定义对方的password
?, L3 N9 b! x5 R5 z: j( kR16(config-if)#
, c9 _, I8 b1 p9 ^Mar 1 00:29:08.831: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0, changed state to up2 Y- y1 ~" n: U6 f; r
Mar 1 00:29:09.067: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 200: Neighbor 172.14.12.2 (Serial0/0) is up: new adjacency( g! S2 ^, }/ L/ Q: ^& |
R15(config-if)#+ i u5 L$ t: S# c; V
*Mar 1 00:16:01.907: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1/1, changed state to up
$ s( B- ~: @% X5 j*Mar 1 00:16:02.519: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 200: Neighbor 172.14.12.1 (Serial1/1) is up: new adjacency4 `! o% F' [1 _& U% t3 j
//修改完成后,出现以上字样,代表协商成功,邻居建立。3 J" o. ~& F' Y+ Q' w, X
//此时再查看EIGRP邻居。
: }/ t$ w. i+ a2 f6 u: S& ?R16#show ip eigrp neighbor9 p- N8 q) }" X. @2 o, ]$ M
IP-EIGRP neighbors for process 200- f6 q" ?' v( [5 D3 B. Z& K
H Address Interface Hold Uptime SRTT RTO Q Seq
2 y* c- E. c- w (sec) (ms) Cnt Num2 i1 c3 \ U8 r, G7 s& Q9 u
2 172.14.12.2 Se0/0 11 00:02:53 148 1332 0 3% _5 {# T7 N5 o, i) J0 m8 Q. f- s
R16#3 |: m$ L' K3 @; a9 v+ O# b$ S
3.CE R15 Loopback0 and CE R7 Loopback0 , there are can NOT ping each other’s.2 c. k9 w, v& o$ Q8 [# w/ [, k! n
(Four PE route require display another three PE loopback in show ip bgp.)
# n) ]: K* y, @* u2 v2 N解决这题就应该有一个良好的步骤和习惯:(参考TS1总结-完全冲刺版): a, A( Q% o6 Q: `0 _# Z t
1.首先解决直连路由问题4 |4 J0 s: |9 j) z- b. Y8 O# Z
2.解决IGP问题: f6 p( k6 f* Q! Z! s9 Z; f$ J
3.解决BGP问题
K7 D% [' R/ `: {) O# \4.解决MPLS问题
$ m9 t9 |/ u* m5 b/ p4 J) M" \: D: g7 p* n9 V" X
首先查看R15和R3是否成功建立了EIGRP邻居,是否能收到EIGRP和VRF过来的路由。
a7 H: a+ k: yR15#show ip eigrp nei
8 b; n$ b/ Q, W; _9 ?* F3 LIP-EIGRP neighbors for process 200
2 E* f/ Z! J0 m! N# B0 ?2 W' v) zH Address Interface Hold Uptime SRTT RTO Q Seq; S% c1 k9 i1 L- q
(sec) (ms) Cnt Num
?6 `- I% k+ i0 172.14.12.1 Se1/1 14 00:13:02 60 540 0 283 c0 [2 z! x9 U* ^; S! u3 A1 M7 q
R15#
8 @! k/ E& y+ `) _: |//这里可以明确看到,R15这个EIGRP的邻居是刚刚建立的R16的EIGRP邻居信息。3 [/ A" P0 m; j6 p' L% a; L
//这就说明R15还没有和R3建立起EIGRP邻居关系。
n( v7 p0 I& Y+ ^ p' E. {! ~$ y( iR15#show run | b r e
5 l% }; ], K9 Y( Xrouter eigrp 200: K; j* d8 C/ I& M/ W
network 1.1.10.0 0.0.0.3
4 u8 a( f- \& } network 10.1.1.15 0.0.0.0
. S3 V" q& J+ F `" D2 L network 171.1.1.1 0.0.0.0
9 n$ F8 A1 `% N7 N network 172.14.12.0 0.0.0.3
# g5 H+ R( x. i no auto-summary
: }. v! [6 G1 a, [& U6 t//R15已经把自己接口和Loopback地址宣告了出去。+ b1 `8 D" m* v
R3#show run | b r e
2 Q+ i6 f9 R0 o: Mrouter eigrp 1
" d8 ~+ H7 ?" [- I* k6 o no auto-summary
6 H( T( v' K- U% z' k !
" j7 F9 a) c2 t2 \0 N5 `3 i6 M address-family ipv4 vrf site-b3 Q6 q$ H: p' R Y" _+ O. g
redistribute bgp 3 metric 100000 100 255 1 1500
' p# U0 q/ }7 Q! ?& E- b8 ? network 1.1.10.0 0.0.0.3
8 e0 @# J4 @2 _. s! \+ [ no auto-summary
1 h/ M+ m+ T' x3 E. `# b5 S exit-address-family
; s$ c: o8 Q$ C//R3也已经把自己的直连端口宣告了出去。$ k+ U! A& {0 c
//R3和R15应该是通过EIGRP200来建立邻居关系,而当R3建立了VRF后,R3的路由表应该要转移到VRF自己的路由表中。3 D6 n4 H$ ^2 q, d
//所以我们应该要在VRF下建立一个EIGRP200的自制系统和R15进行协商。0 c! f: ~6 t0 S. I+ N
R3(config)#router eigrp 1
, S) ?+ R2 Q' w: v& I% }R3(config-router)#address-family ipv4 vrf site-b, v) o2 p6 ^( E2 }0 h
R3(config-router-af)#autonomous-system 200: F D" I& I& L+ h8 \
R3(config-router-af)#
/ J; T2 \& o1 g5 E*Mar 1 00:10:44.199: %DUAL-5-NBRCHANGE: IP-EIGRP(1) 200: Neighbor 1.1.10.2 (Serial1/0) is up: new adjacency
6 n* B" j5 L4 H" Y5 t) sR3#show ip eigrp vrf site-b nei
. H0 Y/ _* K- J, e6 q; ~3 eIP-EIGRP neighbors for process 200+ [. I8 {1 n) l2 f" _
H Address Interface Hold Uptime SRTT RTO Q Seq
s, S: E) ~6 ]& b6 z7 ]5 y/ {2 X (sec) (ms) Cnt Num5 F$ j1 V+ z0 X6 J3 Z! n9 _ k
0 1.1.10.2 Se1/0 13 00:00:52 217 1302 0 11 o# U+ ~8 |4 T8 W( ?8 G
R3#
! `: s3 X( e& u+ l' T5 V+ _$ R//这时,我们来查看R3的EIGRP VRF的邻居时,就可以发现R15的邻居信息。
( d' x7 P: R5 ]0 U0 ]$ yR15#show ip eigrp nei! ?/ g- f$ i& v5 V$ A" r
IP-EIGRP neighbors for process 2000 B, o9 |7 |3 u) U/ R- q/ U e
H Address Interface Hold Uptime SRTT RTO Q Seq' w; y- R5 K4 A2 r: r# V
(sec) (ms) Cnt Num
3 Y& ~% \8 J# m b, ]1 1.1.10.1 Se1/0 12 00:01:43 511 3066 0 49 J" R- u; c" P2 }$ n/ K# Y
0 172.14.12.1 Se1/1 10 00:22:53 60 810 0 29
; R1 Y/ ?' b K7 u" IR15## z3 U& d& @& i
//与此同时R15也能正确的和R3建立起了EIGRP邻居关系。
+ k" n- j( x3 u: i& ~/ WR3#show ip route
1 q! P% q$ ^) M3 x' p' _) U3 ]' p. e 172.14.0.0/30 is subnetted, 8 subnets8 J: i0 N# M0 }
C 172.14.8.32 is directly connected, Ethernet0/05 g9 ~3 [- ~# M4 q' R4 r: m* q5 H, H
O 172.14.8.8 [110/20] via 172.14.8.5, 00:01:06, Ethernet0/2+ t1 f; c, u [* O: ?
O 172.14.8.12 [110/20] via 172.14.8.5, 00:01:06, Ethernet0/2
6 D0 r! f# Y- W% @ ^ nC 172.14.8.4 is directly connected, Ethernet0/2% s/ G; U- `0 \0 T% m! t
O 172.14.8.24 [110/20] via 172.14.8.33, 00:01:06, Ethernet0/04 F; x6 L* g0 c( E& Y7 L6 s
O 172.14.8.28 [110/20] via 172.14.8.33, 00:01:06, Ethernet0/0
8 I. Q7 b% i: T+ s+ c: y! ^O 172.14.8.16 [110/20] via 172.14.8.5, 00:01:06, Ethernet0/2
* _7 E4 j% P# ?( N2 nO 172.14.8.20 [110/20] via 172.14.8.33, 00:01:06, Ethernet0/09 y% n$ o/ ^: P* I
10.0.0.0/32 is subnetted, 6 subnets9 R! z) K" H9 U9 |1 ?/ @
O 10.1.1.2 [110/11] via 172.14.8.33, 00:01:06, Ethernet0/0
~. i2 p: A5 b zC 10.1.1.3 is directly connected, Loopback09 h' h! u4 |/ ? q! d# O* T" ^- [
O 10.1.1.1 [110/11] via 172.14.8.5, 00:01:06, Ethernet0/22 L/ L4 l0 h- Y* }# w+ m# J
O 10.1.1.6 [110/21] via 172.14.8.33, 00:01:07, Ethernet0/0! g3 ? @# c1 m7 h9 f
[110/21] via 172.14.8.5, 00:01:07, Ethernet0/2
; V% d, k: S/ @; U1 O+ WO 10.1.1.4 [110/21] via 172.14.8.33, 00:01:07, Ethernet0/0
6 a$ z+ J5 Y) i7 ^5 I [110/21] via 172.14.8.5, 00:01:07, Ethernet0/2
; R- ^1 j& y1 {6 nO 10.1.1.5 [110/21] via 172.14.8.33, 00:01:07, Ethernet0/0
$ d5 a0 ]3 Y# E* t/ h6 t2 N [110/21] via 172.14.8.5, 00:01:07, Ethernet0/2" Z6 ^6 D3 D9 ~; W
//从这里可以了解到R3通过OSPF已经学到了各台P和PE设备的RID。
* y# {% z- U( Y" e7 Y, Z# `R3#show ip bgp
$ ^8 [- J. ~0 h% ?/ l4 \4 `BGP table version is 10, local router ID is 10.1.1.3
# C4 ^* ]9 q8 k' @ Network Next Hop Metric LocPrf Weight Path" `( s# ^2 Q$ n
r>i10.1.1.1/32 10.1.1.1 0 100 0 i
; O! ]+ Q' j# D* H6 r1 T% br>i10.1.1.2/32 10.1.1.2 0 100 0 i0 r& A: I" J' o/ F, ], B2 _$ }
*> 10.1.1.3/32 0.0.0.0 0 32768 i, @ s+ {4 t) d( p: C3 j( k- K5 ~
r>i10.1.1.5/32 10.1.1.5 0 100 0 i+ A* N `; o$ Z7 z; `
r>i10.1.1.6/32 10.1.1.6 0 100 0 i
2 t9 P6 I! O* \8 }/ u. ~R3#% L8 i7 ^1 o4 X$ F
//从IPv4BGP表中可以发现R3没有去往R4的BGP路由。2 W) S$ X' Q+ ?5 X0 n9 ]+ A
//现在这个题目是要解决从CER15去往CER7的路由要通。所以R4的问题稍后解决。
n& W2 c6 U8 H9 U6 F- CR3#show ip bgp summ( I8 [% Y: r% i1 ~) S$ _1 a6 A
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
% N; A9 m4 m" z10.1.1.1 4 3 26 10 10 0 0 00:06:07 1! H9 j" C, y+ s& y$ H
10.1.1.2 4 3 28 9 10 0 0 00:05:53 3
" Q0 t" i5 D" W% C! a' ^& C0 ]R3#show ip bgp vpnv4 all summ. j3 Y: e7 @9 Z7 ~) R; n/ I
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd. [& n7 O/ y/ m
10.1.1.1 4 3 26 10 24 0 0 00:06:32 11. M! E4 i6 h, S) K+ s2 Z6 |
10.1.1.2 4 3 29 10 24 0 0 00:06:18 11
. i+ w4 @; K( e; r' h+ ] {( NR3#3 B' H8 B. X# }' y% ^) K/ x
R3#show mpls ldp nei
; t- t5 S" Z( h$ x/ G Peer LDP Ident: 10.1.1.2:0; Local LDP Ident 10.1.1.3:0
2 `/ N) ~% g3 J% `4 y6 b6 L5 D TCP connection: 10.1.1.2.646 - 10.1.1.3.525699 s. J3 D" b) j/ }2 s. L
State: Oper; Msgs sent/rcvd: 25/24; Downstream
& M8 a% k, `# I* R6 w# H2 ? Up time: 00:06:50
0 O1 J5 {: Z+ { X- X* G( ]: u8 k LDP discovery sources:8 u; ~$ v7 f; R+ E0 S0 o0 s
Ethernet0/0, Src IP addr: 172.14.8.33
; K @% V7 w* U/ h Addresses bound to peer LDP Ident:
9 T$ p& w. L. j" l 172.14.8.33 10.1.1.2 172.14.8.25 172.14.8.29
' |7 R) N) q( T: `8 E8 ?3 j. J* @ 172.14.8.21
4 W' W; E' k! }, c. i' i& KR3#
. F u( c4 i. F* ?* R: c' V//这里我们可以了解到R3没有和R1建立MPLS邻居关系。/ n. s% Q! |/ C# F( K2 t2 m5 }8 T
//我们可以查看R3连接R1的直连端口。
; n( Z; i, O# ~& I0 @+ [% U6 kR3#show cdp nei
. G! W3 M! ~: l) i6 xCapability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
2 [# f+ h6 u: D1 K# C# ~# r S - Switch, H - Host, I - IGMP, r - Repeater
% d; q t! J" g0 {0 {Device ID Local Intrfce Holdtme Capability Platform Port ID; G: k" M6 ?9 x6 h/ K$ a
R15 Ser 1/0 171 R S I 3640 Ser 1/0
6 b/ c: U/ S+ W. x7 }R2 Eth 0/0 160 R S I 3640 Eth 0/03 P1 y2 K$ @- {# h% b( z' k" U
R1 Eth 0/2 165 R S I 3640 Eth 0/2
# X+ d `8 {& J& nR3#) |. W0 i0 K! n2 K0 P* r
R3#show run int e0/2- y- m1 S3 s' A
interface Ethernet0/29 D8 P* c, b( o/ T
ip address 172.14.8.6 255.255.255.2520 @" F+ ^5 N0 l( d: c1 L! y
ip ospf message-digest-key 1 md5 cisco
7 C2 A# E1 e7 p; f7 M/ L$ N1 x half-duplex
: ]& Z7 Q/ \, G N0 m4 J mpls ip4 v4 u( {5 c/ z6 P3 k2 Y6 V$ L
end0 t$ i' n5 q3 w% S9 M, x" L+ v
//在确保R3的e0/2接口没有问题的情况下,去R1的e0/2检查。$ m) |+ B5 Z$ X' _2 X; n
" U6 I% f* O0 W2 E) AR1#show run int e0/2. K9 W0 k: `# p; i
interface Ethernet0/25 J8 [ q6 C" g& S" `1 C
ip address 172.14.8.5 255.255.255.252
4 Z7 l6 B8 x7 b ip ospf message-digest-key 1 md5 cisco' a$ f" A7 `" B2 e8 b. |
half-duplex* s6 e6 I" N1 b1 H2 @* i8 f
end* x' ^4 e7 b0 F! `( k
//我们发现R1的e0/2缺少了MPLS IP,把它加上。* v$ T9 K8 H6 ^2 v. h
//因为P设备和所有的PE设备在直连端口都应该打上MPLS IP ,所以可以使用range这个字段来囊括所有的端口。
) X# z8 @9 \& W/ D# I1 iR1(config)#interface range ethernet0/0 -3$ P& Q2 P) \' t( \* a+ L+ ^% R
R1(config-if-range)#mpls ip
1 k. a; H7 ~, I: ^) D0 ER1(config-if-range)#: U5 ]* i+ W' |& I- f8 [9 ]
*Mar 1 00:14:47.935: %LDP-5-NBRCHG: LDP Neighbor 10.1.1.3:0 (2) is UP
- G* b9 }- u8 t*Mar 1 00:14:48.003: %LDP-5-NBRCHG: LDP Neighbor 10.1.1.6:0 (3) is UP: J% l7 ^6 m% I- _/ A0 f
R1#show mpls ldp nei4 j( e1 t7 x3 |6 |
Peer LDP Ident: 10.1.1.5:0; Local LDP Ident 10.1.1.1:0
# p: M# s, S2 \; Q/ [' E TCP connection: 10.1.1.5.47537 - 10.1.1.1.646
+ h H% b8 W& V$ r( Q' m4 J State: Oper; Msgs sent/rcvd: 31/32; Downstream
' p; u$ j. W, k Up time: 00:13:09
2 `$ i/ U$ I) H P LDP discovery sources:- N4 q* t+ Y; b
Ethernet0/0, Src IP addr: 172.14.8.184 k2 ~# D* K* F7 n" j9 d
Addresses bound to peer LDP Ident:3 K8 H; O9 g4 }) E" T8 U
172.14.8.18 10.1.1.5 172.14.8.22
/ I7 ]% `9 C r: b$ f" V6 w" v5 a Peer LDP Ident: 10.1.1.3:0; Local LDP Ident 10.1.1.1:0
0 x" p1 S- _! @ TCP connection: 10.1.1.3.61492 - 10.1.1.1.6469 ?6 g6 N% L( G' d( i* H1 g
State: Oper; Msgs sent/rcvd: 18/17; Downstream
& R4 ]% d( _' c- _& k8 W, M) ? Up time: 00:00:55
/ e( i! \& K) S LDP discovery sources:
0 m) Q3 h/ j: |$ | Ethernet0/2, Src IP addr: 172.14.8.6
# @! Y# l7 E& C; F* G: }( ^ Addresses bound to peer LDP Ident:/ E3 ]. P% s4 M: s9 l7 x
172.14.8.34 10.1.1.3 172.14.8.6
8 U X6 ]( M' c' W1 u2 ]5 k Peer LDP Ident: 10.1.1.6:0; Local LDP Ident 10.1.1.1:0
9 [: |& O% w5 t* y- y TCP connection: 10.1.1.6.11900 - 10.1.1.1.646
- X0 U% f4 Y5 N7 @5 ?8 ~4 B State: Oper; Msgs sent/rcvd: 18/18; Downstream8 K1 N7 Z( O6 I* e3 k& _
Up time: 00:00:55
" N+ k7 e# a+ f# e: ^( E8 U LDP discovery sources:
% u# n y2 [5 _( l/ M6 \1 f Ethernet0/3, Src IP addr: 172.14.8.14( x" k- u! O' e9 B2 P9 z
Addresses bound to peer LDP Ident:0 s7 N J& x# t$ d+ ?$ B( p- H
172.14.8.26 172.14.8.14 10.1.1.6/ U7 P @; x, } c+ L
R1#
0 U P7 R2 n: k( t+ n//R3 已经存在于R1的MPLS表中。
! l% Z: H G. ?1 {5 o; W//R1是P设备应该有4个PE设备的对端,而且从RID地址可以了解到R4没有在R1的MPLS表中,这个记住,一会解决。; B3 I. R: W- w. P
R6#show ip route
9 E7 X) I7 z5 i, U+ N& } 172.14.0.0/30 is subnetted, 8 subnets: ~) z7 ?' u& {$ r% ^7 S& z
O 172.14.8.32 [110/20] via 172.14.8.25, 00:21:54, Ethernet0/1; X* h" v( S/ ` q4 {
O 172.14.8.8 [110/20] via 172.14.8.13, 00:21:54, Ethernet0/3
% D e' U J% z( `+ zC 172.14.8.12 is directly connected, Ethernet0/3& F3 G/ A2 X5 _1 l2 J/ ?4 J( E+ A
O 172.14.8.4 [110/20] via 172.14.8.13, 00:21:54, Ethernet0/36 u1 ?5 ~* `8 _! u1 `5 w
C 172.14.8.24 is directly connected, Ethernet0/1
# T+ |3 T3 l/ \9 s- t+ N$ \& Q* YO 172.14.8.28 [110/20] via 172.14.8.25, 00:21:54, Ethernet0/11 I) |1 ~, H5 c+ E% d+ m5 Y
O 172.14.8.16 [110/20] via 172.14.8.13, 00:21:54, Ethernet0/3
, _3 B* H8 A9 hO 172.14.8.20 [110/20] via 172.14.8.25, 00:21:54, Ethernet0/1
3 Q2 f: m: H& L7 G9 P3 [& a 10.0.0.0/32 is subnetted, 6 subnets6 o( l) y7 {3 l; b, x$ Y
O 10.1.1.2 [110/11] via 172.14.8.25, 00:21:54, Ethernet0/1
! W. o. [+ u5 R& X+ x7 jO 10.1.1.3 [110/21] via 172.14.8.25, 00:21:54, Ethernet0/1
4 _5 x- P, y/ ] Z- V [110/21] via 172.14.8.13, 00:21:54, Ethernet0/3
6 [6 b0 X+ m h' E: _O 10.1.1.1 [110/11] via 172.14.8.13, 00:21:55, Ethernet0/3
) H% n6 E1 m* t. NC 10.1.1.6 is directly connected, Loopback02 F9 O7 P7 V$ N, Q2 y# F
O 10.1.1.4 [110/21] via 172.14.8.25, 00:21:55, Ethernet0/1" t- ^( V( p7 T0 Q. c0 r8 v
[110/21] via 172.14.8.13, 00:21:55, Ethernet0/3- W# x7 J e4 Q
O 10.1.1.5 [110/21] via 172.14.8.25, 00:21:55, Ethernet0/16 q$ I: ^8 F( j& v2 z
[110/21] via 172.14.8.13, 00:21:55, Ethernet0/3# V, t4 M. j4 |6 f
R6#show ip bgp3 X5 h" y. t+ v# @
Network Next Hop Metric LocPrf Weight Path0 ^2 J: Q) K& \. B- `8 j
r>i10.1.1.1/32 10.1.1.1 0 100 0 i
$ V8 g- A/ c g8 G4 T7 T8 h, Yr>i10.1.1.2/32 10.1.1.2 0 100 0 i9 Y6 K3 I+ j& r% M" c8 V
r>i10.1.1.3/32 10.1.1.3 0 100 0 i
$ d8 `! s! X+ Y' l, x4 e+ B; ?r>i10.1.1.5/32 10.1.1.5 0 100 0 i" i/ @4 Y. A# w' H- Q9 f
*> 10.1.1.6/32 0.0.0.0 0 32768 i
3 v; }+ M* X" V. H* e; \5 i. KR6#show ip bgp summ5 V8 e4 A/ p( W- i
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd+ O" ?) [. x/ z) e& X) v
10.1.1.1 4 3 34 42 10 0 0 00:22:21 1) @9 [% W' T6 D& m
10.1.1.2 4 3 37 42 10 0 0 00:22:23 3
4 R( o3 }, B. C8 q1 m1 |R6#show ip bgp vpnv4 all summ
6 \$ O7 x' p! `9 _" {+ h" p# p6 vNeighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd5 D! {8 O6 H* E7 e0 v( k9 L0 R2 W
10.1.1.1 4 3 34 42 23 0 0 00:22:32 0/ O) n! u7 P) {/ Y, R
10.1.1.2 4 3 37 42 23 0 0 00:22:34 0
; I7 R$ I* ~4 x8 w//从这个表可以了解到R6没有与R1和R2交换VPNV4的路由信息,它们之间只是建立了邻接关系。" F+ D. T* c$ \" Q9 T
//代表R6无法收到来自R3的VRF信息。( f8 S, X+ \: }- O0 e
R6#show mpls ldp nei
7 J B' k* R- S! k! G8 n z Peer LDP Ident: 10.1.1.1:0; Local LDP Ident 10.1.1.6:0
+ V A& _( F( f M6 l TCP connection: 10.1.1.1.646 - 10.1.1.6.11900
) C9 e/ a) L" ?5 v% E$ U State: Oper; Msgs sent/rcvd: 30/30; Downstream; q8 j; ?" @. U& ~& w
Up time: 00:11:49
8 a) V @- X0 O" |8 X u: F* d LDP discovery sources:
\; [8 l) J0 D9 N9 O8 I! I) R Ethernet0/3, Src IP addr: 172.14.8.13
0 A5 ?/ ^* {" R% U Addresses bound to peer LDP Ident:
& B! h# g( m- K- s$ j) [ 172.14.8.17 10.1.1.1 172.14.8.9 172.14.8.5
2 r7 K; ?/ n3 F* a) A* O2 } 172.14.8.13
, {3 p4 W% k+ j1 XR6#
: x( Y3 _5 L/ r8 H8 h//R6缺少去往R2的MPLS路由。
& j1 D3 ]$ w; p! A7 Y- m7 a" dR6#show run int e0/1$ S8 X, b$ K# y& X. B3 J
interface Ethernet0/1
* I. Q r' M* c9 |3 e3 n7 I ip address 172.14.8.26 255.255.255.252; |6 S) v; w' A) m7 j' g# @4 |4 i
ip ospf message-digest-key 1 md5 cisco3 b; |$ q$ F/ H7 k* B
half-duplex
6 H; k V4 Q( _: ?& fend h+ @/ Z) Z/ a: V3 | T4 U. s$ `
//加上MPLS IP% [4 u# Q- {" o% b
R6(config)#int e0/11 _+ `$ I* ]- Q7 g9 Q
R6(config-if)#mpls ip9 A5 M, V' N1 v* e5 a( J0 {$ Y1 c2 H
R6(config-if)#
, y0 B6 K2 |$ k*Mar 1 00:26:14.003: %LDP-5-NBRCHG: LDP Neighbor 10.1.1.2:0 (2) is UP
. }/ x( y: i2 T; t) g3 s//我们去R15上查看一下是否正常收到CER7的路由
% l" o k, a( L4 BR15#show ip route+ x5 B; k: W# b0 m0 g& f, v+ A
1.0.0.0/30 is subnetted, 1 subnets
, B: A# o9 o) {1 s: H. aC 1.1.10.0 is directly connected, Serial1/0
9 s: Y! b' n: q+ A8 d 171.1.0.0/32 is subnetted, 1 subnets9 v' X5 s& n' m2 B
C 171.1.1.1 is directly connected, Loopback10
6 z$ W$ q) F( ]; ?$ O 171.2.0.0/32 is subnetted, 1 subnets
5 i' G' ]/ t; i! ?7 qD EX 171.2.2.2 [170/2195456] via 1.1.10.1, 00:36:34, Serial1/0
: u* q0 k! i# b 10.0.0.0/8 is variably subnetted, 10 subnets, 2 masks! W- k: }0 u6 D: ^. Y! B
D EX 10.10.10.8/30 [170/2195456] via 1.1.10.1, 00:36:34, Serial1/0, z3 _0 `' n& ]4 G4 ^
D EX 10.1.1.8/32 [170/2195456] via 1.1.10.1, 00:36:34, Serial1/0
3 y/ W1 m' t! t( s, A8 J/ wC 10.1.1.15/32 is directly connected, Loopback0$ t. I' k6 H! H) K; J/ P
D EX 10.10.10.0/30 [170/2195456] via 1.1.10.1, 00:36:34, Serial1/0
; \6 I. }0 E: ?6 ]. _, }D EX 10.1.1.7/32 [170/2195456] via 1.1.10.1, 00:36:34, Serial1/0
$ L q& K# n- b2 }$ `4 N6 \D EX 10.10.10.4/30 [170/2195456] via 1.1.10.1, 00:36:34, Serial1/0' J/ F y$ f- n8 c, h: ?$ k' t
D EX 10.10.10.24/30 [170/2195456] via 1.1.10.1, 00:36:34, Serial1/07 B0 y. l2 a: I8 [1 n, l; Z
D EX 10.10.10.16/30 [170/2195456] via 1.1.10.1, 00:36:34, Serial1/0
/ i& Z$ e2 U: T4 v' b& OD EX 10.10.10.20/30 [170/2195456] via 1.1.10.1, 00:36:34, Serial1/0
+ c' z' ?/ Y) J- }: d; [D EX 10.10.10.32/30 [170/2195456] via 1.1.10.1, 00:36:34, Serial1/0% p9 i O0 Z/ m: ^# q) [
R15#ping 10.1.1.7# A; ?% ]: D- H, S
Type escape sequence to abort.
% k0 t U# h, f9 C6 N. eSending 5, 100-byte ICMP Echos to 10.1.1.7, timeout is 2 seconds:
, f# F. I, q/ P7 S6 }1 n! d7 W5 V.....* q+ E/ [ h! l: s$ P
Success rate is 0 percent (0/1)
+ B1 D1 s% C. w& ]8 NR7#show ip route
. r0 {' a* m) d+ b 171.1.0.0/32 is subnetted, 1 subnets" ^7 P" R: c2 L- H# u$ K
O E2 171.1.1.1 [110/10000] via 10.10.10.25, 00:39:24, Ethernet0/3
) `& m0 s: S8 J' o6 K; I# u 171.2.0.0/32 is subnetted, 1 subnets& S7 l. [* M8 `* _; a$ J' ~8 D
C 171.2.2.2 is directly connected, Loopback101 _+ O% w" B. |9 |8 Z4 s
10.0.0.0/8 is variably subnetted, 9 subnets, 2 masks7 \' D" S! x" C z" a8 r
C 10.10.10.8/30 is directly connected, Ethernet0/1$ }% D9 O1 N- {6 S) c; K
O 10.1.1.8/32 [110/11] via 10.10.10.25, 00:39:34, Ethernet0/34 m+ \; B( a3 B' \7 A
C 10.10.10.0/30 is directly connected, Ethernet0/0
; b1 V+ \2 m- H" z' [3 yC 10.1.1.7/32 is directly connected, Loopback0
& p7 R8 R) X1 Q" |, t& K# X/ WO IA 10.10.10.4/30 [110/20] via 10.10.10.25, 00:39:34, Ethernet0/3. o/ b5 `: \. F, |
C 10.10.10.24/30 is directly connected, Ethernet0/3
9 R' h) G0 S* {( B# R" H; ^/ N0 I5 q/ AC 10.10.10.16/30 is directly connected, Ethernet0/24 c5 |; O+ ~3 I( b5 G# |
O 10.10.10.20/30 [110/20] via 10.10.10.25, 00:39:34, Ethernet0/3
( T1 M" ]" O; g: |4 zO 10.10.10.32/30 [110/20] via 10.10.10.25, 00:39:34, Ethernet0/3
+ S8 b" C! [0 U) v s* O% l+ r& e" RR7#
2 r2 \1 X' |7 x4 Q//我们R15可以正常收到R7发过来的路由,但是R7无法收到R5发过来的路由,说明R6有发送PE信息给对端,但是R3没有发送自己的信息给R6。9 S3 x! N) y" H8 t# r4 H X R, F
//所以我们假定问题是ip vrf对于对端的配置问题,因此要去PE上检查ip vrf是否配置正常。
1 Y( k; H$ Y# X. H% s8 Q- _R3#show run | be ip vrf
- P. J0 G( c) d: `, K' |3 ^2 g9 g$ Sip vrf site-b
8 F: R$ E5 \0 \, Y0 ~- k rd 20:102 j y& {( C) z' L* F
route-target export 20:10 //是否发送RD为20:10的路由信息出去
% o, @1 ]' i6 t6 H7 T0 m e: ]. M9 ^ route-target import 20:10 //是否对RD为20:10的路由信息感兴趣
# O( X( C. b/ W6 a+ @ route-target import 20:20 //是否对RD为20:20的路由信息感兴趣. G M9 s- ~6 V$ [: u7 O3 `
R6#show run | be ip vrf
& W9 U2 W# P: Bip vrf site-b
8 S3 U7 U& `% a% J! W J. y7 W rd 20:20
% ] q, p6 N% r6 L route-target export 20:20
, c' O2 ]. Z7 u6 O7 g( q' r route-target import 20:20
' F8 M- }1 ~5 G. ~4 e0 [) { route-target import 20:106 I$ g$ i2 Y5 U# l2 k# w1 p% a
//这里可以了解到ip vrf 配置正常。
5 b( D, }5 T H5 L. e( b8 _) ~R3#show run | b r b$ i% I% n. Q$ p0 P/ D. n$ P
router bgp 34 r. X0 t! `& n; x$ ~
bgp log-neighbor-changes
0 J* x7 Y, H1 t, J: \ neighbor 10.1.1.1 remote-as 38 J! W7 S) _& t5 T: P( M9 n
neighbor 10.1.1.1 update-source Loopback0
! C8 b' m7 f* ]; ?; A) ?+ c neighbor 10.1.1.2 remote-as 3
: |, F' n7 y+ E2 A) g/ s# v* C neighbor 10.1.1.2 update-source Loopback0
, l2 N& ?0 A! Z4 l6 J !
4 W! Q Q( f* p3 i address-family ipv4
. l* m8 g! G H5 o+ e9 X/ g9 [ neighbor 10.1.1.1 activate$ q! v) J2 T# h+ [
neighbor 10.1.1.1 send-community
+ I7 q1 i8 @1 {2 R neighbor 10.1.1.2 activate
/ r- x5 J: p! G& A/ t neighbor 10.1.1.2 send-community
1 w, l( g" ]& ?/ \ no auto-summary
6 g. T2 P4 \4 l+ n! q no synchronization6 I& ]' s9 E K7 h7 x5 T( Y
network 10.1.1.3 mask 255.255.255.2550 T6 E5 o2 v) u5 L5 }* p
exit-address-family
- T: y, {8 `5 z !
# o8 i( O! `7 d) O( \( m) `" G address-family vpnv4
, ^5 u5 i$ X7 `0 } neighbor 10.1.1.1 activate' t- V' _0 w6 D7 q- k. l% Q; J$ {1 @0 y
neighbor 10.1.1.1 send-community extended
n. q6 c$ M$ d neighbor 10.1.1.2 activate/ X+ ^( `) h; f0 _8 _9 L
neighbor 10.1.1.2 send-community extended5 P$ |/ L/ h$ [; F: K4 i
exit-address-family
- K( D- O2 i& l !
* z% N! T( J. I3 n, j2 u" d# C address-family ipv4 vrf site-b
( h* W* }% `0 G% o no synchronization
' P) D# F7 m5 c exit-address-family
' j9 W9 F9 p4 W2 h. g% |+ [$ `//从这里我们发现R3没有把IGP重发布到BGP的address-family中。
, |* Y" s2 d" aR3(config)#router bgp 3: c6 o0 E, S2 f" V7 Y
R3(config-router)#address-family ipv4 vrf site-b4 Q# G8 [/ m# e X1 c3 u
R3(config-router-af)#redistribute eigrp 200
3 M9 R# ?" ~4 x% _/ q( OR3(config-router-af)#
! j) K+ i& Q& D- M8 f& c//如果不记得命令,可以参考其他PE设备的配置,比如:R6
$ c, W: ~& x) n0 p# iR6#show ip bgp vpnv4 all summ
/ r2 g1 y- i( ]/ x# |Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
( K( R1 n3 D Z( t3 W% X7 Z10.1.1.1 4 3 78 85 29 0 0 01:04:51 3
1 P+ k& _: K' k" @: I. X' o10.1.1.2 4 3 106 97 29 0 0 00:06:05 3
: |$ e. I3 V8 _# P4 Q# `& {R6#
- Z# G, P3 @( V; q0 Y7 c//R6与R3成功建立了VRF连接,并且开始接收数据。' g+ o% S( N& H r9 _# A
R7#show ip route
; S, K2 v1 v$ A( u6 u 1.0.0.0/30 is subnetted, 1 subnets* _( V* Y j& F. K' a+ J0 v
O E1 1.1.10.0 [110/20] via 10.10.10.1, 00:04:01, Ethernet0/0
; ~- Q$ l6 t4 T* r6 ` 171.1.0.0/32 is subnetted, 1 subnets
3 A& ] S% ?% |2 t' x# ^O E1 171.1.1.1 [110/20] via 10.10.10.1, 00:04:01, Ethernet0/0 `+ w( w. n, D
171.2.0.0/32 is subnetted, 1 subnets
B; @0 K8 F$ pC 171.2.2.2 is directly connected, Loopback10) B" ^7 P! I4 q( N
10.0.0.0/8 is variably subnetted, 10 subnets, 2 masks
( X9 h2 G% t: B4 I" V) A& R& VC 10.10.10.8/30 is directly connected, Ethernet0/1 J3 p% @2 ^# n" Z+ w' z. G
O 10.1.1.8/32 [110/11] via 10.10.10.25, 01:08:07, Ethernet0/3
6 T0 l. w' p8 @7 ?* YO E1 10.1.1.15/32 [110/20] via 10.10.10.1, 00:04:01, Ethernet0/0
1 w5 u9 q3 R1 g# L/ nC 10.10.10.0/30 is directly connected, Ethernet0/0' O& @ {# y* U+ m t
C 10.1.1.7/32 is directly connected, Loopback0
F" X* G( {" u- T3 u* `& qO IA 10.10.10.4/30 [110/20] via 10.10.10.25, 01:08:07, Ethernet0/3
0 I& c* [/ H; B7 i9 K& {C 10.10.10.24/30 is directly connected, Ethernet0/3" o# ~8 A: ^1 q& M+ ^- T+ s
C 10.10.10.16/30 is directly connected, Ethernet0/2
+ \# Q! s8 C1 @; D7 ^# Z8 D. \! tO 10.10.10.20/30 [110/20] via 10.10.10.25, 01:08:08, Ethernet0/3/ a+ l! X6 @9 p% k$ i
O 10.10.10.32/30 [110/20] via 10.10.10.25, 01:08:08, Ethernet0/3) ?, M9 g: q' g% }6 `) G
R7#ping 10.1.1.15
. f1 n# Q7 E9 PType escape sequence to abort.
9 R& U5 T1 @+ OSending 5, 100-byte ICMP Echos to 10.1.1.15, timeout is 2 seconds:
/ }4 b3 f, p! V6 ~: G!!!!!+ K8 l- ?- p) D" l& y$ `# ?& g
Success rate is 100 percent (5/5), round-trip min/avg/max = 28/71/124 ms; \+ R/ \* k h0 G& \# ?( T
R7#4 |4 ]; x( p% f5 H: }5 `
4.CE R20 Loopback0 and CE R8 Loopback0 , there are can NOT ping each other’s.
$ _/ W0 b9 W* w" Z0 C; [& l9 l//如第三题,同样是先检查直连链路是否连通。
4 r T; ^ u8 o$ KR20#show ip int br
3 H! M) q- _/ f. S/ M5 bInterface IP-Address OK? Method Status Protocol
2 d e4 M4 _; O. PSerial0/0 172.29.7.2 YES NVRAM up up
% u/ t0 X1 n) F% J4 D2 M9 Z: F//查看R20和R4之间运行协议是哪个。
% K9 g( t! Z( hR20#show ip pro
2 ~: R2 k+ ~5 x8 _4 ]Routing Protocol is "ospf 100"9 y1 a* K: W( C k: h( u$ O
R20#show ip ospf nei
( j. [+ f& i T( q. m* s1 g& m( FNeighbor ID Pri State Dead Time Address Interface: J! _- ^ s" y6 H$ X
4.4.4.4 0 FULL/ - - 172.29.7.1 OSPF_VL0
7 f; A w9 x9 E$ p. c) c4.4.4.4 0 FULL/ - 00:00:33 172.29.7.1 Serial0/0
" B& E1 J" ` e- q8 Y% ~R20#
! L0 } b+ g9 f7 m//可见,R20和R4的OSPF是FULL状态,并且是通过OSPF虚链路连接的。9 Y0 i Q( K j
//还记得第三题上面,我们发现的问题吗?R3在show ip bgp 表里面没有发现R4的BGP路由。
3 D- B1 f+ n l$ L6 IR4#show run | b r b D) W0 z5 |3 K' D, }8 ]7 k
router bgp 3& S+ C2 Y. ]' j8 K
no synchronization
' z z( Y$ s( Z9 A. M bgp log-neighbor-changes- ~* d6 h" E+ ~2 D
neighbor 10.1.1.1 remote-as 3' }" C i: o v6 C
neighbor 10.1.1.2 remote-as 3
# O5 M- D2 s0 [9 Q3 B no auto-summary. J- L! P: [+ t; ]+ _
!# x7 l6 M9 ~4 d! m
address-family ipv4 vrf site-a
6 N9 F7 G$ H# @* O3 [5 g redistribute ospf 101 vrf site-a
; d0 h5 x7 J0 {% g no synchronization
1 x0 d8 w: u+ t- X: U& t exit-address-family
* B3 R `: P7 Z& G0 G) |& V//可见,R4的bgp信息非常少;在此,我们把它补全,如果不记得命令,可以参考其他的PE设备。
- C, y9 s' V0 n0 F: WR4(config)#9 T0 [: R- h4 G" f8 u
router bgp 3. t* q; a b, ]5 s, C. [9 [, T1 U
bgp log-neighbor-changes
6 v+ G. |* J8 s( j7 ?. x; q/ ^: V neighbor 10.1.1.1 remote-as 3
" d; l$ Q8 \; x( l- w; \6 i1 B5 W8 w neighbor 10.1.1.1 update-source Loopback0
/ E ^) k. Y* L7 w9 l/ t neighbor 10.1.1.2 remote-as 38 N* X# y4 J1 w
neighbor 10.1.1.2 update-source Loopback0
# D3 S! {7 d, o$ b- t( I: fR4(config-router)#address-family ipv4% k4 w6 s; c8 a4 C, b" V
R4(config-router-af)#neighbor 10.1.1.1 activate# m* O/ v6 }1 q! _ Z
R4(config-router-af)#neighbor 10.1.1.1 send-community$ m8 O" y9 P$ B5 C' k: n1 j% c6 O+ v
R4(config-router-af)#neighbor 10.1.1.2 activate& J4 f. ]" S5 {7 ~ Y/ S: E
R4(config-router-af)#neighbor 10.1.1.2 send-community
. x+ e, {& j# m5 d: `! j*Mar 1 00:31:14.799: %BGP-5-ADJCHANGE: neighbor 10.1.1.1 Up/ d5 L9 v: }& t) J0 S5 f, p
*Mar 1 00:31:16.255: %BGP-5-ADJCHANGE: neighbor 10.1.1.2 Up: }' w! K. t; G) m) _8 P: k* Q6 a
//输入完以上信息后,发现R4和R1的BGP邻居已经建立。6 g4 L* w8 t& N+ N
//因为VPNV4的命令还没有补全,所以R1还是无法和R4建立MP-BGP邻居。+ m$ i( O2 @; g. [7 Z- Q
R1#show ip bgp
/ [) x' y! ?/ I/ ^BGP table version is 13, local router ID is 10.1.1.1
7 q/ ^6 l$ [! _( j% O Network Next Hop Metric LocPrf Weight Path" X( M. v/ w+ \& I- {
*> 10.1.1.1/32 0.0.0.0 0 32768 i8 G+ c/ m, S% T4 i! \+ z0 j# \6 I& m
r>i10.1.1.3/32 10.1.1.3 0 100 0 i
0 @* w* W, ^; U7 `r>i10.1.1.4/32 10.1.1.4 0 100 0 i
& q4 r9 G+ ~ b9 hr>i10.1.1.5/32 10.1.1.5 0 100 0 i0 ]% S+ ~; q" R& d& T
r>i10.1.1.6/32 10.1.1.6 0 100 0 i" ~3 b; q, Q1 N6 d8 h
R1#show ip bgp summ
+ `- U! i; G0 g; C+ w7 o# QNeighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
M, b5 Q- e9 Z& f10.1.1.3 4 3 38 53 13 0 0 00:30:55 1, ~0 C I: U6 ~: m6 g! U1 I" u
10.1.1.4 4 3 35 34 13 0 0 00:00:56 1
# X3 U# B" ?: B3 ?4 Q3 {- V2 u10.1.1.5 4 3 50 53 13 0 0 00:30:47 1
4 z6 r/ E6 U" v* ]$ _10.1.1.6 4 3 51 44 13 0 0 00:30:55 1# Q( w$ S( b8 W6 U% p* k" i/ p
R1#show ip bgp vpnv4 all summ
5 r: Y) @5 L" S/ Q+ b, sNeighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd! w( d9 I: Y2 {# J# [- ]
10.1.1.3 4 3 40 55 27 0 0 00:32:07 3
3 [' D4 I% a: m" D! c; D" h1 E0 O4 i10.1.1.4 4 3 37 36 0 0 0 00:02:08 (NoNeg)
8 F: @5 Z( G8 \5 {: \10.1.1.5 4 3 51 54 27 0 0 00:31:59 11
# J1 w& M" h, N; [/ X% I10.1.1.6 4 3 53 46 27 0 0 00:32:07 10, r# |0 N7 ]6 I; N9 J/ g1 @
R1#
9 X4 M+ Q6 Z7 o( |R1#show mpls ldp nei
7 `8 ~1 Q7 f4 Z; t8 | Peer LDP Ident: 10.1.1.5:0; Local LDP Ident 10.1.1.1:0: `& ~; ^$ w+ H" p) g. ~
TCP connection: 10.1.1.5.32048 - 10.1.1.1.646# s: A$ B4 N, b4 ?0 b$ O/ D+ E; h
State: Oper; Msgs sent/rcvd: 76/76; Downstream, S% i( ]) t' o. C8 h: X
Up time: 00:51:16
& L" k, o+ ]) i& R7 x+ K0 P LDP discovery sources:$ y8 S0 `. D C9 f( {+ X* \
Ethernet0/0, Src IP addr: 172.14.8.180 \, L. v& N( p$ }/ E; [
Addresses bound to peer LDP Ident:$ J( e: p5 i1 p/ @" [. }
172.14.8.18 10.1.1.5 172.14.8.22
0 i( d& j! @( T) y Y4 ~- {2 n! A Peer LDP Ident: 10.1.1.3:0; Local LDP Ident 10.1.1.1:03 \2 ^0 V' k3 I" X
TCP connection: 10.1.1.3.52528 - 10.1.1.1.6467 ?. v+ |6 a; e! r4 K- T2 z
State: Oper; Msgs sent/rcvd: 71/72; Downstream
6 z$ g/ T5 F5 b9 b) q Up time: 00:47:56, j; @0 d0 H f* M
LDP discovery sources:! q* W3 K- J5 z% W: P
Ethernet0/2, Src IP addr: 172.14.8.6' c7 O4 b$ `- ? M# Q9 ]: m
Addresses bound to peer LDP Ident:! P: ~+ q; r# T) D6 p
172.14.8.34 10.1.1.3 172.14.8.63 K+ \1 N+ f4 X) {7 t* p x- }3 s
Peer LDP Ident: 10.1.1.6:0; Local LDP Ident 10.1.1.1:0
, X5 ^* K; }" J9 D* ]) [" S TCP connection: 10.1.1.6.61959 - 10.1.1.1.646
! v9 k/ M# D) t' J ?6 K State: Oper; Msgs sent/rcvd: 71/72; Downstream
+ m* l- m& |$ y! @ Up time: 00:47:55
( C0 o6 I# C" [* k% [& ~0 G0 o LDP discovery sources:; h$ O0 c- S) w- _3 j7 G
Ethernet0/3, Src IP addr: 172.14.8.14
2 I p* @9 B L% _5 }+ g Addresses bound to peer LDP Ident:, r6 ^5 M1 M4 Z' K
172.14.8.26 172.14.8.14 10.1.1.6' D' q/ E, W, \6 M) o
R1#) O' e& n0 k# g+ D5 {! D. W
R4(config-router)#address-family vpnv4
- ?$ }! i, t. r' `3 H& L$ gR4(config-router-af)#neighbor 10.1.1.1 activate
+ o% N; u- b) LR4(config-router-af)#neighbor 10.1.1.1 send-community* c [7 t `7 U6 X- \
*Mar 1 00:35:11.695: %BGP-5-ADJCHANGE: neighbor 10.1.1.1 Down Address family activated2 u- H' d) }6 B# z2 a% C
*Mar 1 00:35:13.955: %BGP-5-ADJCHANGE: neighbor 10.1.1.1 Up
* Z! [; ]$ J3 y: OR4(config-router-af)#neighbor 10.1.1.2 activate0 I, I+ d) J4 ~: M( F0 `+ G& l
R4(config-router-af)#neighbor 10.1.1.2 send-community0 {5 x6 H1 B* M1 a9 I, O; R7 z. w" J
*Mar 1 00:35:52.895: %BGP-5-ADJCHANGE: neighbor 10.1.1.2 Down Address family activated
. a# i+ K% M6 I: J* J9 r" Q: |*Mar 1 00:35:55.167: %BGP-5-ADJCHANGE: neighbor 10.1.1.2 Up
: t* Z. q a! H/ BR1#show ip bgp vpnv4 all summ7 {. V# u- y% d% y$ V& C
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
1 @4 h% A$ Q+ W10.1.1.3 4 3 43 62 33 0 0 00:35:17 3
4 k& w5 d/ }" m( u/ x0 x6 z2 V10.1.1.4 4 3 48 63 33 0 0 00:01:18 6+ u& x, K6 D$ r" E! a* L- I
10.1.1.5 4 3 56 62 33 0 0 00:35:08 11
: A7 v4 p. M* }1 z* G10.1.1.6 4 3 56 53 33 0 0 00:35:16 10
1 O8 H7 |) [8 R* X9 l( N: \4 H5 VR1#
% T3 W v: Y: D! X9 d# r0 J//R4和R1的MP-GBP邻居也已经成功建立。
2 _2 Q$ M5 m- u6 Q" ?2 @4 ?! l//R1是P设备应该有4个PE设备的对端,而且从RID地址可以了解到R4没有在R1的MPLS表中,这个是上面出现的第二个问题。- R& u3 z9 Y1 d% f% c2 T
//然后就开始补全MPLS VPN的命令,在补全之前,先查看R4的VRF名字是什么。2 J" l- r! \& c5 e
R4(config-router)#do show ip vrf* y6 ^8 M9 m9 V/ \( y1 E* ~" K
Name Default RD Interfaces" h, ~ U+ N0 l. K. k
site-a 10:20 Se1/09 Y/ k% [, d/ v \/ Z
R4(config-router)#
2 |8 h) _' Y% {- S @R4(config-router)#address-family ipv4 vrf site-a
: o: s$ g( N6 I: d9 @7 hR4(config-router-af)#redistribute ospf 101 vrf site-a match internal external 1 external 2
6 L. H: j$ _+ ?3 N7 YR4(config-router-af)#exit: F1 [/ I# B* P0 x+ ], P
//命令补全后,检查IP VRF的RT是否配置正确。& W% ^3 A, R+ l% \1 s
R4#show run | be ip vrf
# b5 {1 P, ~ h/ U( L, @ip vrf site-a& U" g0 q- R; U f% ~
rd 10:206 w) m3 o3 E$ m' A# S
route-target export 10:20
' Y! e" G5 w0 Q3 z6 _& S0 b1 @ route-target import 10:20
# @, f8 G0 k" } z4 x1 G! W5 I+ r5 K6 U }
!* A) o# W* r1 A" O+ z- X+ D
ipv6 unicast-routing S2 D" G1 |* u. Z0 D% K2 C5 P+ y
mpls label protocol tdp$ M. O4 ]! a0 Y6 h5 |6 g8 @* v' p6 f
//R4的VRF目前只对自己的信息会进行接收和转发,我们应该增加对R5的数据感兴趣。 D! I: L; q& O% R+ x4 B
R5#show run | be site-a/ b& E: S, V6 i/ O9 P T/ P) P
ip vrf site-a
' J( _1 q1 A2 e* W5 C4 q6 e0 ~ rd 10:10
9 {" A" I5 V, w" p7 _; l route-target export 10:10
+ a- Q0 r- m) C) q/ M Z9 O route-target import 10:10
% o% }! }. D4 o0 G route-target import 10:20
+ j' q$ d4 C' W# p6 r7 P o5 GR4(config)#ip vrf site-a5 k# V, c3 w4 |" G, v7 B1 u- K
R4(config-vrf)#route-target import 10:10, l) j& f: T! A& v* C) j N% z
//完成后,分别去R20和R8上面查看是否存在对方路由,并且进行测试。
: T% m6 h5 o" H% b. H$ E5 t9 lR20#show ip route
$ x! N5 v# z! k: C 171.1.0.0/32 is subnetted, 1 subnets
% p, l0 n- U1 d) u, _O E2 171.1.1.1 [110/10000] via 172.29.7.1, 00:01:10, Serial0/0/ E/ G) N4 \9 _& W
171.2.0.0/32 is subnetted, 1 subnets
$ Q7 s. L: n ^1 R7 E4 g1 xC 171.2.2.2 is directly connected, Loopback1# w2 |: X. a: R; F+ q) q( G
200.20.20.0/32 is subnetted, 1 subnets; L$ Y- s% A2 L8 h
C 200.20.20.20 is directly connected, Loopback10$ M! w' W1 a% v
172.14.0.0/30 is subnetted, 1 subnets0 `0 B0 I5 u8 K
C 172.14.9.0 is directly connected, Ethernet1/1! o# @6 l) `7 s* ~- t! ^ z0 P
172.29.0.0/30 is subnetted, 2 subnets
" K; b* q( C& X8 k0 ]+ \' M) sC 172.29.7.4 is directly connected, Ethernet1/0
9 i E0 F2 F5 m' pC 172.29.7.0 is directly connected, Serial0/0
3 p( ^; C$ h( ~. ]$ C7 F. @# n# X 10.0.0.0/8 is variably subnetted, 10 subnets, 2 masks2 V. D( F# P8 }" _) Q4 U6 u
O IA 10.10.10.8/30 [110/94] via 172.29.7.1, 00:01:15, Serial0/0 j" k; O' M5 o/ s% e' P" i
O IA 10.1.1.8/32 [110/75] via 172.29.7.1, 00:01:16, Serial0/06 q* ^" ^: N# E6 s
O IA 10.10.10.0/30 [110/94] via 172.29.7.1, 00:01:16, Serial0/0# D% Y+ R/ \9 h+ {4 S7 O# E v& W
O IA 10.1.1.7/32 [110/85] via 172.29.7.1, 00:01:16, Serial0/0
, @4 a7 R1 _ `* ^) o: F# ~O IA 10.10.10.4/30 [110/65] via 172.29.7.1, 00:01:16, Serial0/0- W2 [/ r) g% J: q+ r+ O1 v- S
O IA 10.10.10.24/30 [110/84] via 172.29.7.1, 00:01:16, Serial0/0: U& `' S8 r1 c; K B7 k
O IA 10.10.10.16/30 [110/94] via 172.29.7.1, 00:01:16, Serial0/0
; p8 |% i- @- ~/ E9 SO IA 10.10.10.20/30 [110/84] via 172.29.7.1, 00:01:16, Serial0/0
0 I/ T+ i/ x3 @7 D1 _; o3 m( S nC 10.1.1.20/32 is directly connected, Loopback0 w1 _8 Z7 C; R0 O. z% O
O IA 10.10.10.32/30 [110/84] via 172.29.7.1, 00:01:16, Serial0/0
1 w5 w7 w/ E% gR20#ping 10.1.1.8
% _, F! v( F( t2 qType escape sequence to abort.8 j/ r7 o' V, y
Sending 5, 100-byte ICMP Echos to 10.1.1.8, timeout is 2 seconds:5 i6 T! g; j; o% l0 ]
..... L. B- ~$ n+ j) E) [
Success rate is 0 percent (0/5)
! p8 l1 ~; {! Q' m) c$ VR20#
1 m6 B7 q* p( i9 ?# p- XR8#show ip route
8 u: h; X" ~( h3 e8 O% Y+ p 1.0.0.0/30 is subnetted, 1 subnets
8 |7 O6 ^2 m& TO E1 1.1.10.0 [110/30] via 10.10.10.26, 00:10:36, Ethernet0/3& @6 }& M, j7 U+ s
171.1.0.0/32 is subnetted, 1 subnets
$ S& k& Z: \/ M3 x& l" ^C 171.1.1.1 is directly connected, Loopback1
2 _3 S) C5 H# G* H6 R V/ V' l* w8 N 171.2.0.0/32 is subnetted, 1 subnets
' v8 S6 O8 B; ?- M6 Q7 o4 N* jO E2 171.2.2.2 [110/20] via 10.10.10.26, 00:10:36, Ethernet0/3: }8 m. o* P3 o( v
200.20.20.0/32 is subnetted, 1 subnets
: k4 u3 r" u+ f# k1 V5 i& ZO IA 200.20.20.20 [110/20] via 10.10.10.5, 00:10:41, Ethernet0/26 k" W3 d$ g6 P& X7 ]6 a$ Z
172.14.0.0/30 is subnetted, 1 subnets/ {; v/ B0 b" ?( }+ Q, }5 R/ r
O IA 172.14.9.0 [110/20] via 10.10.10.5, 00:10:41, Ethernet0/2
' J g# s8 W. Y4 t 172.29.0.0/30 is subnetted, 2 subnets
$ U. _4 y, ^* v% ?O IA 172.29.7.4 [110/20] via 10.10.10.5, 00:10:41, Ethernet0/2
& _' g& C" { x7 j M" QO IA 172.29.7.0 [110/20] via 10.10.10.5, 00:10:41, Ethernet0/22 q. J) }& j9 w9 W' a
10.0.0.0/8 is variably subnetted, 11 subnets, 2 masks' l6 w/ }# Z9 D2 V; x- v5 d
O 10.10.10.8/30 [110/20] via 10.10.10.26, 00:44:38, Ethernet0/3
4 ?2 Z L" |' ~; {C 10.1.1.8/32 is directly connected, Loopback05 y1 `. \: b: N
O E1 10.1.1.15/32 [110/30] via 10.10.10.26, 00:10:37, Ethernet0/3
6 R+ D; _. M6 t* FO IA 10.10.10.0/30 [110/20] via 10.10.10.26, 00:44:38, Ethernet0/3
' o9 m* @' |/ Z0 HO 10.1.1.7/32 [110/11] via 10.10.10.26, 00:44:38, Ethernet0/3
8 C& N$ n" \! K2 Z: i4 }C 10.10.10.4/30 is directly connected, Ethernet0/2
1 t7 G( n: @# ]8 ]5 BC 10.10.10.24/30 is directly connected, Ethernet0/3
& m7 k( B& j4 N' V# Z* B5 p7 i; |4 ~O 10.10.10.16/30 [110/20] via 10.10.10.26, 00:44:38, Ethernet0/3 _( T$ t' ?1 R- o5 u. m
C 10.10.10.20/30 is directly connected, Ethernet0/11 L# c0 j, E" s
O IA 10.1.1.20/32 [110/20] via 10.10.10.5, 00:10:42, Ethernet0/25 f: N+ n5 U0 w7 e; A
C 10.10.10.32/30 is directly connected, Ethernet0/0
0 M( X1 R k9 iR8#ping 10.1.1.20
( M) _* g: [8 I! F9 J4 i, ^Type escape sequence to abort.& m* L4 |; s" Z, {+ C! Y: o' p7 _
Sending 5, 100-byte ICMP Echos to 10.1.1.20, timeout is 2 seconds:8 n9 N* j" d7 D. h" l" `
.....
1 C2 n* d* u2 a, b. w9 eSuccess rate is 0 percent (0/5)- X4 Z& v3 K. S( [! V# c
R8#
: H- x7 J+ z) c/ [$ D//为什么两边的CE设备都已经存在了对方的路由,但是却无法ping通呢?
w6 G& U' C# l- w% N* p//如果细心的朋友应该留意到我刚刚show的一段命令:mpls label protocol tdp
4 s) i: I4 U- R. V3 F' Y- a//这句命令我相信大家都明白,是MPLS的协议类型不匹配,导致无法通信的
) S8 i3 |; I* {* n1 b) `R4(config)#mpls label protocol ldp8 B7 V2 U3 g3 {9 _* j+ g
R4(config)#
, M1 Z3 D0 G, ^0 B( n5 q) K*Mar 1 00:58:17.463: %LDP-5-NBRCHG: LDP Neighbor 10.1.1.2:0 (1) is UP
3 ^2 Z+ O# ~9 ^% r6 J*Mar 1 00:58:18.835: %LDP-5-NBRCHG: LDP Neighbor 10.1.1.1:0 (2) is UP+ o( {. |. k4 X9 [ k
//这时,R4与R1和R2的MPLS 也成功建立起来了,我们再测试一次。% h! m1 _" e" d" p
R20#ping 10.1.1.8
3 L; }! q, G+ U$ J. ]5 }Type escape sequence to abort.) ]# d6 h' j' m" M
Sending 5, 100-byte ICMP Echos to 10.1.1.8, timeout is 2 seconds:% T8 f; T* V" o2 H6 _9 Y
!!!!!
' o( p# z3 w( v" l2 x# N ESuccess rate is 100 percent (5/5), round-trip min/avg/max = 88/122/184 ms
9 ]' V! D/ Q2 R5 _9 l; UR20#- V: Z$ s/ g; m0 z. \1 T
R8#ping 10.1.1.20- K) }8 p9 s3 v% U+ p
Type escape sequence to abort.
: x+ e7 E3 A3 }( j2 T' c" hSending 5, 100-byte ICMP Echos to 10.1.1.20, timeout is 2 seconds:) @" P, Q4 ]! U
!!!!!
5 f/ W5 b( C" p/ tSuccess rate is 100 percent (5/5), round-trip min/avg/max = 84/128/156 ms& X1 @; l: v& u3 h1 _
R8#9 K6 V( z N2 M0 ~
5.IPv6 R8 can NOT ping R4 loopback200 CC1E:1000:100::100, fix it.
& m, `" E8 d3 w0 O. a- eR4(config-if)#do show ipv6 route
$ B: r% a6 q, F) rIPv6 Routing Table - 10 entries/ f4 r& f2 `- U& X: W
C 12::/64 [0/0]% t1 n1 m- s( a7 E7 M, s& g( |4 t- o
via ::, Serial1/05 @; i4 f! K c7 Q- w8 H2 V k, t6 j" R
L 12::2/128 [0/0]
T% s# o( X" F. E via ::, Serial1/0# ] ~5 g3 y& X$ u9 M- L
C 13::/64 [0/0]
9 l) ~' t. C6 T* m% P y6 z via ::, Ethernet0/10 Q' Q2 d# j5 f8 J4 {$ Q& F. O
L 13::1/128 [0/0]* O8 R' Z1 t5 u- Y6 C" S+ q. @
via ::, Ethernet0/1
+ t) u2 k7 n/ E8 Z$ {C 14::/64 [0/0]
5 g7 Z. R* J% K/ |" E8 Y& F2 V via ::, Ethernet0/20 A& Q9 O6 A6 S6 v, g d8 p
L 14::1/128 [0/0]4 m+ _2 J, K) C
via ::, Ethernet0/27 K$ Y$ x- P, M) E$ t
C CC1E:1000:100::/64 [0/0]: {6 S4 \' H1 H. o9 O: a
via ::, Loopback200
5 E$ [( M0 }2 L$ ?- ?L CC1E:1000:100::100/128 [0/0]
8 C6 \4 i3 V* t" J e via ::, Loopback2005 N D* B5 |0 W2 x. s+ A
L FE80::/10 [0/0]: n' y+ c5 T' Q+ c
via ::, Null0
* |4 c7 ]: k/ TL FF00::/8 [0/0]
! p9 O) {& @% Q9 X$ L% U" P3 S+ ~ via ::, Null0# R; E. l, }9 ? v a- |8 E/ B
//只有直连路由和本地路由,查看R4是否加入到IPV6的协议中。
3 I/ \& o8 c, iR4(config-if)#do show ipv6 pro
4 B; F2 E2 `+ T) h9 f! xIPv6 Routing Protocol is "connected"9 r; u2 {( \2 v+ z) q
IPv6 Routing Protocol is "static"
1 b; Q1 }9 k% U3 H, I! h3 CIPv6 Routing Protocol is "ospf 11"
2 ]& S$ c" J+ q. r7 {' Y Interfaces (Area 0):
( q5 X; x$ y; i W( T6 l$ Z Serial1/03 Y" w: [: n7 D' g! |0 u! G
Ethernet0/29 f$ e# D' @7 u$ A! d
Redistribution:
6 p. [6 T) u& X( N3 l None
. O8 V @$ Z, MIPv6 Routing Protocol is "bgp 3"* V. A. A2 T) n, x+ P" d
IGP synchronization is disabled3 P7 X4 o6 m1 [
Redistribution:
( n7 Q: a/ b: c6 j1 X9 u% H None
. |4 }: f- K+ u8 \- G7 y6 k2 RIPv6 Routing Protocol is "bgp multicast"/ s- d+ ]3 R: O1 c5 I3 ?9 q# z
IGP synchronization is disabled
* x8 N5 ^6 L( @% F; v- f Redistribution:! o c% ?3 F p) k
None3 W- Y8 e- g% m. ? i
R4(config-if)#
L. h# S2 l- P" i0 b7 }% a r//IPv6运行了OSPF 11,并且在端口E0/2发布进了OSPF5 L7 _# o% l9 |
R4(config-if)#do show run int e0/2& d9 d; S% y- t% ^
interface Ethernet0/2
- r8 v8 G, G4 t) `! Y2 X ip address 172.14.8.30 255.255.255.252
5 E' U: A3 i+ p1 B2 Y ip ospf message-digest-key 1 md5 cisco% S# Z) M% g: T4 E$ R2 P
half-duplex
0 g- {" T6 I5 F& a" R* a ipv6 address 14::1/64& M. k8 q, _+ H
ipv6 ospf 11 area 0
: H- I, O. Z9 X( E6 B; S mpls ip
' Y2 ?% u. I3 n8 d7 N6 P' Eend3 B* @6 c: Q" \" f3 K7 \
//沿路查看所有的IPV6信息$ [ {; ~: b- }
R1#show run int e0/17 Q% l$ p+ n* g6 j; l, y5 W5 t
ipv6 address 13::2/64( @2 o8 l5 @ P" }, I( y1 U
end
& |% k7 u% ~6 h5 uR2#show run int e0/2# \3 O0 }( C) I) v
ipv6 address 14::2/64
$ j) _: V, e; h8 pend
" D' r) q2 I _0 A9 C//R1和R2的IPv6端口信息: r5 \9 r, J; B" a/ t0 U& ^
R1(config)#ipv6 unicast-routing
# A2 g5 [$ [& R+ O; YR1(config)#int e0/1
D6 d7 Y* I0 ]. [R1(config-if)#ipv6 ospf 11 area 0
5 _: n; A5 }& YR1(config-if)#
5 U5 O% ]6 v+ S, [! PR2(config)#ipv6 unicast-routing
: | H7 P7 K# [" y% P. \R2(config)#int e0/2" s" s; J+ s: ~9 _; R+ N
R2(config-if)#ipv6 ospf 11 area 0
: O3 a1 U$ T/ ?8 ER2(config-if)#
! i7 ~8 u* p. V# W' H& ~*Mar 1 01:21:47.119: %OSPFv3-5-ADJCHG: Process 11, Nbr 172.1.1.4 on Ethernet0/2 from LOADING to FULL, Loading Done2 ^6 P$ t. V$ G+ A+ T
//在接口简单的配置完IPv6OSPF命令后,R2和R4建立了OSPFv3邻居,但是R1没有和R4建立OSPFv3邻居。3 Z7 q+ }, B. I% y" ~# W8 [9 G
//去连接R1的R4e0/1接口上看看。/ S8 C: e! v: |2 H" e) M" O F
R4(config)#do show run int e0/1
/ c* c- Q. s' D+ z9 Ointerface Ethernet0/18 V$ |$ W6 X9 P" u" [
ip address 172.14.8.10 255.255.255.252
1 P; @8 C4 \% c. q) C ip ospf message-digest-key 1 md5 cisco
4 G+ g: R7 Y* M( C" e3 E* r half-duplex" ?' X7 n0 W/ \& S. ]7 }: j
ipv6 address 13::1/64
8 {! S% @8 W4 ^' x [8 L" Z mpls ip
# @ f' b" R* E, m. ^//R4的e0/1也漏打了命令,补充完整。
4 ?7 ~& ]# p7 {4 B( C* A1 u) BR4(config-if)#int e0/13 a1 B+ @* _6 C4 h( p. W
R4(config-if)#ipv6 ospf 11 area 0
: m/ A- m2 e$ M/ t" wR4(config-if)#9 B( Q) E. E9 b/ p1 x
*Mar 1 01:28:25.979: %OSPFv3-5-ADJCHG: Process 11, Nbr 10.1.1.1 on Ethernet0/1 from LOADING to FULL, Loading Done3 H- r6 G. r( X+ ~5 c* G: k+ Z6 P
//继续往下一段链路检查
8 `+ M7 E6 w% F& e4 X& aR1#show run inte0/0
9 @; a- L) G/ b9 I" K# |1 o ipv6 address 15::1/64
X7 i4 i0 g6 M: P# q# y8 W$ s ipv6 ospf 11 area 10 `' u2 |5 I' `
mpls ip$ [! j( g6 [5 z( ~( m* v
end
9 z7 k9 H; v7 i) ^R2#show run int e0/3
4 m' v/ S& |1 ]4 B+ j ipv6 address 16::1/64
; z7 q B% h: z- Xend
4 `$ ^2 J5 _7 \) m# h# o" ~//参考R1,并把R2的e0/3接口命令补充完整。
4 C3 Z b3 W. C' j3 f* sR5#show run int e0/0; C2 l# s1 F. q" Z) I6 |- j9 P
ipv6 address 15::2/64
# }1 X4 D7 D/ J ipv6 ospf 11 area 1
" w3 i2 R, j1 y0 I mpls ip4 t+ o4 s0 p8 P/ @$ W
end" y1 g7 R8 P3 J4 X7 f7 C' n3 ?
R5#show run int e0/3
$ ~2 e. E7 t: x ipv6 address 16::2/649 [1 w+ i0 x3 X+ @
mpls ip
* t* ]$ i) L$ P% ~$ Vend
8 Y5 x4 l, e8 Q w7 j2 [7 b+ aR5(config)#int e0/3
7 n0 Y* h9 q9 t+ F+ G, U( gR5(config-if)#ipv6 ospf 11 area 19 e. k3 ^6 i5 A& l: q0 u# E( b
R5(config-if)#' ^; w7 v9 ?4 n! b' [
*Mar 1 01:33:05.923: %OSPFv3-5-ADJCHG: Process 11, Nbr 10.1.1.2 on Ethernet0/3 from LOADING to FULL, Loading Done0 B( s F( {0 Q) r7 M- R3 T" `
R5(config-if)#do show run int e0/2: B$ T0 r" A* {" G+ g
ipv6 address 17::1/64
& L8 M W% T+ L5 I ipv6 ospf 11 area 1- D7 m8 e& _4 m2 J1 @1 F C
end" X* l& T& }! R. C, J
//R5同上
. t, U' v% ^" @; _9 jR8#show run int e0/2
7 x0 Y1 Y- e) w4 F; b5 }6 V( Y6 H) W4 Z+ p ipv6 address 17::2/643 k/ d$ m8 J+ [$ v
ipv6 ospf 11 area 1
, F- k0 V5 m; v% a; u c' mend
$ `+ r$ c, s! l4 V//当查看完R8的端口后,发现基本命令都补充完整。接下来查看是否有收到IPv6路由。+ O* y4 M8 q0 e) L, p( c+ c% H
R8#show ipv6 route
0 K+ w0 b5 R, v! [IPv6 Routing Table - 9 entries4 C, V h- K* v$ L; t; E/ ^
OI 12::/64 [110/94]3 Q# r- U! x! X! U" H7 ~0 T, B' I
via FE80::CE0C FF:FEA8:2, Ethernet0/2
. P, Q* ~6 ~! I4 T3 [5 dOI 13::/64 [110/30] L) E; {% a# Z g
via FE80::CE0CFF:FEA8:2, Ethernet0/2
% D0 } g; {: O: i. f1 R9 B* G4 s- ?OI 14::/64 [110/30]/ c6 f- U* g1 i0 L- x S3 _
via FE80::CE0CFF:FEA8:2, Ethernet0/2
' [2 j% i7 B5 t' jO 15::/64 [110/20]
K" H: o# \6 D9 v via FE80::CE0CFF:FEA8:2, Ethernet0/2( I# X) U7 I0 A$ H
O 16::/64 [110/20]
' z) w; o1 }( E: Z6 n' M" j2 z via FE80::CE0CFF:FEA8:2, Ethernet0/2
$ H5 X4 ]1 P6 UC 17::/64 [0/0]
% p! z; _0 ` \; j via ::, Ethernet0/2
6 v. C, q* ], m1 q7 \+ t: o' UL 17::2/128 [0/0]# i% s: Y3 K; H& d
via ::, Ethernet0/27 v# g; u+ O+ @+ j" b
OI CC1E:1000:100::100/128 [110/30]: N9 n0 U% p7 P: F7 `& d
via FE80::CE0CFF:FEA8:2, Ethernet0/28 k; M. d3 q/ {
L FE80::/10 [0/0]
1 V- w8 ~6 G2 `3 g via ::, Null0! h6 Y( C$ v5 e' t9 r
L FF00::/8 [0/0]+ e1 W1 b+ p R; [* t
via ::, Null0
2 i: J8 Y0 I. Q# d; WR8#! e/ x N* N7 n i; ~, U3 l4 v5 o) @
//R8已经收到R4的两个分别连接R1和R2的端口的IPv6路由以及R4Loopback200的信息。: e5 W5 G2 ^6 a( m2 ~' {* m0 b( a
R8#ping 13::14 I- X) H! E* s: j
Type escape sequence to abort.
$ R* v: n$ K5 U: uSending 5, 100-byte ICMP Echos to 13::1, timeout is 2 seconds:( P3 ?1 ~ u, A( C. K
!!!!!; S5 Y4 S* e, ^9 q* r
Success rate is 100 percent (5/5), round-trip min/avg/max = 48/120/256 ms% R: K: c. T# G" `* p
R8#ping CC1E:1000:100::100
8 k. Y7 s2 {' c- V* LType escape sequence to abort.
5 T) y# ? Q4 ?; A# iSending 5, 100-byte ICMP Echos to CC1E:1000:100::100, timeout is 2 seconds:
- o# {( v2 C/ d!!!!!$ X, J; h2 _0 `( Z
Success rate is 100 percent (5/5), round-trip min/avg/max = 68/85/120 ms
, ?: F; F Q3 o/ t, |3 r; XR8#% z+ H+ ^8 w: |% G h c" n9 Q/ e- @
5.R22 and R23 can NOT established ospf neighbor.
/ S; _' l3 [" W9 VR22#show fram map( _- E% M5 E- d
Serial1/0 (up): ip 172.14.9.1 dlci 22(0x16,0x460), static,. ]) r! x% i: o5 c+ C7 v2 f( E6 c
CISCO, status defined, active
9 P( d- h9 R2 B2 zSerial1/0 (up): ip 172.14.9.2 dlci 23(0x17,0x470), static,
' B9 F6 d& I% d2 E, N CISCO, status deleted
9 \7 G) a. z$ e( xR22#9 g) V0 M& G) f3 V
//因为中间有个帧中继,所以出现问题先查看帧中继链路是否正常。9 n* `! |. v* p2 s6 X: I8 D* o
//从show fram map 就可以发现R22的邻居172.14.9.2 的DLCI错误。% T$ C9 h, t# d
R22#show run int s1/0: ~" n5 E8 n4 L% J
interface Serial1/0, N) w2 n2 p# B, U! r8 d0 E
ip address 172.14.9.1 255.255.255.252
* C& ~0 F. f5 \+ Z encapsulation frame-relay" v9 z0 p8 \1 ~1 G- ^9 F
ip ospf authentication message-digest9 K5 m3 u. V- a. r* f. I
ip ospf message-digest-key 1 md5 cisco5 I) L- G+ y' _ v! X/ S+ _
ip ospf network point-to-point
4 E: `! E0 ]( v9 f serial restart-delay 0
! [& V& \5 D8 x. k, m no arp frame-relay4 O; q! L. O8 q# Q+ d
frame-relay map ip 172.14.9.1 22( s: u. E6 @, j6 {
frame-relay map ip 172.14.9.2 23
# j% q" \' r- H5 f, B! W) [ no frame-relay inverse-arp4 j6 G& K, p4 a% n T6 Y' H
frame-relay lmi-type cisco
* l! q" H& F2 I! g! R9 Send! q3 _' N$ Q7 h5 y5 j1 e% ^% J& Q! B
//帧中继链路关闭了自动映射,所以要手工配置。
F- }, Q; r6 j& M9 w Z/ ]; C//输入的是本地DLCI号,以及修改成广播方式学习。: f u1 a" u" D2 r/ B
R22(config-if)#no frame-relay map ip 172.14.9.2 23
7 `# R- b7 g, PR22(config-if)#frame-relay map ip 172.14.9.1 22 bro
2 ?' T6 Z x) ^R22(config-if)#frame-relay map ip 172.14.9.2 22 bro
y# f, U# `, ^: ?# y4 S& g' vR22(config-if)#
( [6 u; @3 d: Z8 k( J//R22修改完成后去R23上进行同样的配置。
# B g4 _2 ? j5 eR23#show run int s0/0
, W# B9 S r# Z3 Linterface Serial0/0; p; q0 M& u) R- v$ z
ip address 172.14.9.2 255.255.255.252. F% u) y" L! I, ^
encapsulation frame-relay
- t6 T; @; l: w( [- o& X8 k4 f ip ospf authentication message-digest
9 r) m5 ^0 N3 w3 U9 ~& o9 T ip ospf message-digest-key 1 md5 cisco9 `1 U1 r z7 @+ ~8 c: [
ip ospf network point-to-point0 S* a! V0 \; V. Z
serial restart-delay 0
. i8 V$ ^3 Z8 ` no arp frame-relay, |+ @, d' O9 w3 U
frame-relay map ip 172.14.9.1 22 broadcast
+ G, D9 v9 m u) F8 B no frame-relay inverse-arp- i3 P4 F6 Y; w/ w
frame-relay lmi-type cisco& o8 m( }6 _' A3 b
end3 U- n0 g" o8 F5 a& J' ^, {1 r) H
//本地DLCI号配错,并且少了自己的帧中继映射表。
R4 x( r. S& o% F//插播:为什么要配置自己的地址?' A( T' h) A* f( w; U9 y
因为帧中继链路如果想ping通自己的地址,则需要把数据包发送给对方再返回," N6 a4 Q/ A) n
在没有配置映射表的时候,数据包不知道这个没封装的包要如何发送,所以会失效。4 I. D; c/ H2 o( x( O
R23(config)#int s0/0
0 Y/ j, V* ~( q" a) S. ^/ ~R23(config-if)#no frame-relay map ip 172.14.9.1 22 broadcast
5 C5 a- C8 L* JR23(config-if)#frame-relay map ip 172.14.9.1 23 broadcast+ G& ?: U: f" ?' W4 J" G% z: ~. t, S
R23(config-if)#frame-relay map ip 172.14.9.2 23 broadcast+ K! G+ N( n* Q V
R23(config-if)#
# \2 l# p& }: A) J4 `1 V l: M*Mar 1 00:16:23.083: %OSPF-5-ADJCHG: Process 100, Nbr 10.1.1.22 on Serial0/0 from LOADING to FULL, Loading Done
$ n4 {4 o6 t& g7 ^5 c! U0 jR23#ping 172.14.9.1. J& w K; L$ }# ~- a
Type escape sequence to abort.' W/ i6 \" H! n Y( G1 {3 F( x% E
Sending 5, 100-byte ICMP Echos to 172.14.9.1, timeout is 2 seconds:
7 t# A7 I; f' e: q- q!!!!!5 ^" z' P3 n/ R, d& {8 J+ C
Success rate is 100 percent (5/5), round-trip min/avg/max = 12/33/64 ms; g0 V8 ^: v0 m4 r: @( S
R23#ping 172.14.9.2) c5 X, `% U, P+ z9 L1 B! G4 Y
Type escape sequence to abort.
# ]0 d# j w: W+ ^% ^7 T- fSending 5, 100-byte ICMP Echos to 172.14.9.2, timeout is 2 seconds:2 n8 l) S8 a( X. @' j) b5 d' [
!!!!!
3 T2 O, S1 X) X* S0 n7 T5 T" nSuccess rate is 100 percent (5/5), round-trip min/avg/max = 48/76/132 ms6 }! \% S% `- \+ I# e
R23#
0 `1 b: ^8 }0 ]" B. ^9 J6.Following the diagram, R20 logging in R23 should be NAT, please figure out the questions.
- [! Y0 v- p6 O! S8 d4 nPro Inside global Inside local Outside local Outside global
: K+ m# u/ I" b/ m2 Ktcp 172.14.9.1:18335 172.29.7.5:18335 10.1.1.23:23 10.1.1.23:23
% A% K' X4 b1 h9 z X4 C3 Dtcp 10.1.1.22:36018 172.29.7.5:36018 10.1.1.23:80 10.1.1.23:80
9 S( X7 C9 s& h/ l7 @
& _' ^/ W7 {8 y+ R2 V$ D6 U//R20登录R23会出现地址转换。从拓扑图中,我们可以知道R22是NAT服务器,我们主要解决的是服务器的问题。
/ Y$ K. j: Q4 }8 b//根据上图,我们可以得到的信息如下:
7 H Z- i* k. t2 z5 [R20的e0/1口以上,是内部区域。9 k1 S% s) L- x- q. D
R20的s1/0口以下,是外部区域。R20的内部本地地址172.29.7.5在通过R22NAT服务器的时候被转换成172.16.12.1来连接到R23的Loopback口的23端口。
( t5 f- X% d1 P. a! WR20的内部本地地址172.29.7.5在通过R22NAT服务器的时候被转换成10.1.1.22来连接到R23的Loopback口的80端口。
; |! B$ ]+ C+ H) C. Z5 q. NR22(config-if)#do show run | be ip nat1 f5 e2 }4 G+ t; ]
ip nat pool aa 172.14.9.1 172.14.9.1 prefix-length 24+ n7 i- k D7 g# `) q2 X' r1 [7 T4 J
ip nat inside source route-map b pool bb overload$ |$ w2 x- W' b
!
9 r. v" P* b2 X7 aaccess-list 100 permit tcp host 172.29.7.5 host 10.1.1.23 eq telnet+ q1 c4 x" p$ k9 J8 }6 x, {8 u
access-list 110 permit tcp host 172.29.7.5 host 10.1.1.23 eq www5 e) T0 U3 b) i+ s
!% f: O% N8 F% j. J( v/ r# P
route-map a permit 10' `- P2 U# F% N- i1 @7 d
match ip address 100- D. ]/ z) g- |, s; W; g
!: ]7 ]+ W* g _# S( R
route-map b permit 109 q+ v) i/ [8 X7 ~& c
!
J9 G. D$ ^1 Z4 M5 H+ Q, I//在这里我们发现有两条访问控制列表应该被使用,但是目前只使用了一条,包括其他所有的命令我们需要补全它。
- t7 B' b: b- G0 S6 r" JR22(config)#ip nat inside source route-map a pool aa overload1 c* }: H/ B1 H( X; L
R22(config)#ip nat pool bb 10.1.1.20 10.1.1.20 prefix-length 24
" \& F Y" O9 K: AR22(config)#route-map b permit 10 @# w! F: X$ z# n
R22(config-route-map)#match ip address 110' C& d1 t* M2 \, A4 }/ f
R22(config-route-map)#exit
6 [7 K/ D# `4 D& a. U, l% `$ M//完成后在R20上尝试是否能登录过去
1 Y( _3 ^- |* xR20#telnet 10.1.1.23 23
8 |/ M; J. \) y+ ], [* JTrying 10.1.1.23 ... Open
/ a& C; T( X/ N4 i0 J% y: JUser Access Verification7 L7 l; j4 j5 x% ?0 U% Y! M( y
Password:
8 q; M( ?' S) Y8 J( N7 L8 Y" |R23>exit
# e- d6 K" w" UR20#telnet 10.1.1.23 80
. s# ^, b w: ?% ?* `1 I5 m" o- C2 KTrying 10.1.1.23, 80 ... Open" |5 U, `2 a. E9 f+ L
exit
% k+ f% i" r7 _4 aHTTP/1.1 400 Bad Request
( R; M% F+ N ~8 wDate: Fri, 01 Mar 2002 00:06:38 GMT
0 k6 u, A: }! z* A" B: m0 l$ c! CServer: cisco-IOS2 d$ U: }9 t$ @8 l% g% s6 @: p
Accept-Ranges: none! b; h! G/ z9 }9 T' z# B' w1 m
400 Bad Request) m9 u m/ w9 j7 l" Z: W; A
[Connection to 10.1.1.23 closed by foreign host]
* @: E Q' L2 p [% z4 \R20#0 L7 v% O: \. E$ o2 Z- U# {
//在R20上测试完后,我们去查看一下R22NAT的转换表% h3 n5 O. E P8 K) t+ r6 W
R22(config)#do show ip nat tra8 a% l4 T" J; [& v( _
R22(config)#5 F; F8 S0 u! a3 x5 B
//转换表是空的。去检查一下接口是否启用了ip nat inside & outside
! Z( a4 N( o' H. f1 [* CR22(config)#do show run int e0/1# W% K/ B2 R' x* B/ G
ip address 172.29.7.6 255.255.255.252
8 b( E* C, O- g half-duplex
1 [9 v7 v7 s# }7 Q8 Q- rend' f" X% r( i# W2 V& A/ G
R22#
6 Z% B/ z. p2 w//把两边的端口同时进行补全。
3 {5 \3 A/ N2 Y* k! X! N" z: _R22(config)#int e0/1: H. ~9 L v( V: D
R22(config-if)#ip nat inside
; a3 [ n" j( t: d" w3 bR22(config-if)#int s1/0 _; t) X* e0 g) f- w+ A7 z
R22(config-if)#ip nat outside
- J( E9 `' a# k% ~9 H//完成后测试) g( m/ `& u/ d6 U: n9 n! q3 ]0 n
R20#telnet 10.1.1.23 808 u) Z- ~$ L1 I6 D6 }! S: d5 E" W
Trying 10.1.1.23, 80 ... Open. s4 p% N1 W- I# h0 l/ F
exit5 B) t' }+ n, d% |
HTTP/1.1 400 Bad Request
6 d" R7 y- g% R. J( C; sDate: Fri, 01 Mar 2002 00:08:37 GMT
: N. C" X7 V/ U( A# ^1 PServer: cisco-IOS
! J3 A5 T8 k @Accept-Ranges: none
' [9 y1 H+ S% F+ c' X! O7 m400 Bad Request% B: n# |7 v4 g
[Connection to 10.1.1.23 closed by foreign host]
( n5 S! D, N# R! SR20#telnet 10.1.1.23 23
_3 c! R1 J, }Trying 10.1.1.23 ... Open
7 @# q/ O6 k H: ?9 Z7 `2 x% @" u$ t" Z8 l
User Access Verification E c: W: g! N i' {* J; V
Password:; o6 p. w$ ~ C8 W( a/ K: d
R23>exit- p' k" |' z6 ~: }/ v& R
[Connection to 10.1.1.23 closed by foreign host]
4 t' R3 B; d& e1 JR20#) u' p! }2 G2 ~: E& R! V; o9 Q8 ?$ F
//测试方法3 u: U4 i3 A- n8 _$ F" k
R22(config)#do show ip nat tra
' I; ~. e) B( O B- zPro Inside global Inside local Outside local Outside global7 y: N% x @1 G1 n
tcp 172.14.9.1:22209 172.29.7.5:22209 10.1.1.23:23 10.1.1.23:23; `- a9 ~" g( o9 k W1 g7 r
tcp 10.1.1.22:56248 172.29.7.5:56248 10.1.1.23:80 10.1.1.23:80& ~, {4 |; R5 { P" l1 z' a
R22(config)#
5 k+ i$ q! H) ?3 b1 ~4 l) C K# T//结果输出
c7 |2 E" ]6 a% G# h) b4 V7.touch off the EEM run when the R27 ethernet0/0 administration down.
4 m6 |2 n' O& w//这题的要求是当R27的e0/0手动shutdown之后,触发EEM执行no shutdown命令。3 W4 d/ E6 P X
//首先我们可以先要知道手动shutdown了E0/0后的命令是什么。4 ]# L' ?4 @' n
R27#show run | be event man
6 N0 u% J2 A) {% Y; C0 }8 ]0 h% Oevent manager applet xx
/ H% k5 }! E& s: o; }% X event syslog pattern "down down down down"
% S, b, ~0 m6 p; C1 E' C action 1 cli command "enable"% P( S W$ h6 T- q9 u% F
action 2 cli command "config ter"& |6 G% a% V, H* Y5 a9 ^6 S4 w
action 3 cli command "int lo0"
5 @ x1 z( `, n4 I% w U action 4 cli command "no shut") o2 |% \9 ~& Y" f
!: g$ [! m( H r4 X6 t0 {% R/ u
end. f$ R- j, H; r+ Q3 z$ g% }
//这段EEM有有两个错误,一个是截取的内容,一个是进入的端口。
. a5 V: _3 \: m. B3 J1 lR27(config)#int e0/0
9 i. E) M% }2 c9 R3 I+ i1 Q' iR27(config-if)#shut3 R; n. R0 a) E7 Y: \+ p! J3 M% D
R27(config-if)#+ ~, O: g# a: G! [1 @5 m' X
*Mar 1 00:04:44.379: %LINK-5-CHANGED: Interface Ethernet0/0, changed state to administratively down
1 R! ? L& F6 B! m//我们要引用上面一句话,所以通过这个方式来提取信息是最安全的。
; Y2 @5 W7 U; e% C h6 bR27(config-applet)#no event syslog pattern "down down down down"7 ]: i X8 v+ k! {5 W) ~
R27(config-applet)#event syslog pattern " Interface Ethernet0/0, changed state to administratively down"
' u( c" d% ~( H" NR27(config-applet)#no action 3 cli command "int lo0"- f, O6 |* H+ Q
R27(config-applet)#action 2.1 cli command "interface ethernet0/0" [' W/ S4 l) @* w! l! H% L- M
//输入完后要no shutdown端口才能生效。
7 _( i- M7 G1 e- X7 Z9 j/ o/ A//接下来,我们进行测试。' F. R+ E$ t- Y! R
R27(config-if)#shut2 e7 r2 l( S% k' b
R27(config-if)#
# ~" R$ K- u% A4 J*Mar 1 00:12:40.283: %LINK-5-CHANGED: Interface Ethernet0/0, changed state to administratively down
( l* B: i: C8 T$ y3 G9 U*Mar 1 00:12:40.687: %SYS-5-CONFIG_I: Configured from console by vty0
, `) w/ K5 n- X5 y- k. R2 d*Mar 1 00:12:42.547: %LINK-3-UPDOWN: Interface Ethernet0/0, changed state to up9 {4 o0 g# R V
R27(config-if)#6 M( }# \" v* h9 [$ G/ N. ~
8.R20 loopback0 can NOT ping R26 loopback0.
/ P. g# o$ U5 l- T: B//先去R26查看端口的IP地址情况。+ H; T5 y: Y; D$ H% `1 D: D
R26#show ip int br
1 e$ C. R% ^" S$ B+ JInterface IP-Address OK? Method Status Protocol. ~) x) O" O7 y* \
Ethernet0/0 172.14.11.10 YES NVRAM administratively down down) L" w a% H* [
Ethernet0/1 unassigned YES NVRAM administratively down down5 C7 X# [- n+ r& ~
Ethernet0/2 unassigned YES NVRAM administratively down down
; |3 N& d% u6 L! w/ A$ T& s* dEthernet0/3 unassigned YES NVRAM administratively down down. v8 x7 K6 ]! q! Z' f7 d2 W. V
Loopback0 10.1.1.26 YES NVRAM up up & o0 e+ r0 ]. |4 e
Loopback100 198.168.20.1 YES NVRAM up up
5 A/ }2 S1 ~8 T/ f! P1 |R26#
5 G4 m1 O5 x6 C4 Z//把E0/0端口打开。
8 u) `7 B: @6 @R20#ping 10.1.1.26. p& q/ B! M$ E+ b6 u5 r
Type escape sequence to abort." W7 m8 l; \7 q" h0 k
Sending 5, 100-byte ICMP Echos to 10.1.1.26, timeout is 2 seconds:) e# s0 G ~1 w) P$ g" I5 g) ?
!!!!!+ s ^2 R# D4 P3 U
Success rate is 100 percent (5/5), round-trip min/avg/max = 56/72/104 ms
- E+ m% l) N9 U3 d, }" x* s: }R20#0 P& t7 E+ N: U( Y3 w
R26(config)#do show run | be r o) n( e% x- o. C y. G! q
router ospf 100
$ {3 {& T1 d, p" z0 p, V& S( i log-adjacency-changes4 @3 C0 A J, ?3 e5 E# F* j. O
area 1 authentication message-digest
6 Z: b" M2 x- W' |- ]$ E% W# W* o area 1 nssa$ P) J6 ?; J* K8 Y
redistribute rip subnets route-map conn0 m+ _/ j- ]; r" O4 z, X9 Y
network 10.1.1.26 0.0.0.0 area 1. \$ M1 E/ S/ Z; K' J
network 172.14.11.10 0.0.0.0 area 1
* M; @( u+ @* @7 R0 V1 P( M9 Nroute-map conn permit 105 a9 i$ X2 i: E3 G/ ~6 U
match interface Ethernet0/2% v: O3 n: D9 H7 o
//RIP重发布进OPSF匹配了route-map,解决方法可以把Loopback地址加进去,或者把route-map删除。
5 Y! B# D, m, E' u8 S9 O' yR26(config)#route-map conn permit 20' B( Z1 _1 `7 Q1 _0 C* i m/ ~
R26(config-route-map)#match int loopback 100
4 j( Z6 T+ v3 I A' n0 W/ O+ |R26(config-route-map)#exit
, R+ ^2 ]5 n( s) w! \7 p) m o$ \& oR20#show ip route | in O E2! ~" L' Y( q4 ]
O E2 198.168.20.0 [110/20] via 172.14.9.2, 00:01:13, Ethernet1/1
. T' R) @/ L! }8 _: k; g7 OR20#) D8 x0 c* @- M& z8 B' c+ a0 G) W
R20#ping 198.168.20.1
M% a* J, |* O+ r+ P1 p7 O; ]Type escape sequence to abort.' ]0 \, E% g$ p$ x# L8 \
Sending 5, 100-byte ICMP Echos to 198.168.20.1, timeout is 2 seconds:; e% L6 U; L2 n
!!!!!
& X+ S. Q+ ?: U2 iSuccess rate is 100 percent (5/5), round-trip min/avg/max = 24/45/100 ms
" F2 H X/ i: A: H5 ~' c kR20#
: Q& @; [0 X! f2 q* k2 r8 D9.R14 loopback0 can NOT ping R8 loopback0, fix it.! a6 O* T0 c% [; {9 L- r
这题无法模拟,只有写出问题所在和需要注意的事项,最终参考“成都互联神州 超详细 Francisco” 的战报。5 g$ i2 i8 x+ E7 q
R14 ------ SW2 ------ SW1 ------ R10 ------ R8 : \1 ?6 C# G6 p
这是物理拓扑图的连接方式。
+ I( w& M9 R' j a需要注意的事项。' q' k- `) m5 v+ u# l
1.VTP domain name (CCIE)
# f$ g; }8 w" ?( v2.VTP password (cisco)8 T6 _, z4 K! p0 |
3.VTP mode (SW1 Server; SW2 client)
2 R' Y: X$ ]9 M$ K5 _) S4.VTP (version 2)
+ Z! \& a: d4 |& {0 F/ @' K7 p5.VLAN号是否相同 (114)考试的时候不是这个VLAN号,或者说根本没有* K4 D, R' o# |
6.端口是否有加入VLAN
. W8 {0 V6 _; E3 @% U: `7 {. Y; m switchport access vlan 114
" N S/ N% O' j- Y switchport mode access, {8 ^& b" {1 C1 n h
7.SW1 和 SW2之间的模式 (trunk)
/ g7 G0 a% F% z! {7 H8 ^ switchport trunk encapsulation dot1q
, k _& x* Z4 H/ p, B: p switchport mode trunk
7 T4 R0 c$ z% p9 w( x E3 ]' c: ^3 T3 p" J
10.Match precedence 5 with R11&R12 to R7&R8.
: O$ y% a0 x2 O6 U$ tR9#show run int e0/2! P0 e6 ~* R" [: C5 t
interface Ethernet0/2% w& J0 W. w7 m4 O, ]0 Y0 _0 P
ip address 10.10.10.29 255.255.255.2528 f M6 Z0 p- p8 |7 v
rate-limit input 8000 1500 2000 conform-action transmit exceed-action drop4 _7 k% f3 u) [% Y1 b* s
ip policy route-map PBR
" j' ^5 _- J( I5 t6 R/ s half-duplex6 j1 W) k4 _. S8 L& [0 ]) s
service-policy output xx+ b+ s% P I8 j- e2 K& |- \9 x: Z: t
end
/ ^# ?5 C8 q( C2 PR9#show run int e0/0) k1 p3 p; C7 s" Z) P0 |1 V/ N) r
interface Ethernet0/01 q$ _) U5 z3 x
ip address 10.10.10.37 255.255.255.252
; U3 M: r9 S2 }' b ip policy route-map PBR
& i+ |& X- r# Q/ P half-duplex* n$ q m4 d3 ~1 X" ^ J
end9 O( a* V$ Q/ `1 a2 x# M( h
//端口上有流量限制,route-map policy-map的限制5 p" ~1 {$ Z/ F6 {2 o
//检查各列表的匹配情况
$ N( e, k% E+ P/ y//把所有的配置都完善一下,并且把下一跳限制取消。
0 w$ U5 C$ A0 H) C. i//access-list 100 是匹配 class map ---- policy-map ----- 再应用到接口上
5 u8 t; @7 y' P对于E0/2的端口,就只是抓R11的路由。
1 ^; c" q- g8 N- D# M* B2 b. y$ t对于E0/0的端口,就只是抓R12的路由。& k8 V# Y8 l+ Y' q( |
这题正常的配置和测试方法应该是:
" M! Q* u. N% p% l2 e2 m- n% c0 GR9:" [, ?. h1 B; w: n+ t* x
ip access-list extended R11$ x' o1 w5 R5 u( A* q" v
permit ip 10.1.1.11 host 10.1.1.8 precedence critical
+ u% k! B L' b- Y permit ip 10.10.10.30 host 10.1.1.8 precedence critical
5 V' {: M& U9 S f x' k permit ip 10.1.1.11 host 10.1.1.7 precedence critical
& y3 \3 N* \- q" y) f7 ] permit ip 10.10.10.30 host 10.1.1.7 precedence critical/ m- [) ?" R @
ip access-list extended R12/ o0 m; M% z n
permit ip 10.1.1.12 host 10.1.1.8 precedence critical
* l: g, V+ h; W8 B* f: ]- q3 Y5 c permit ip 10.10.10.38 host 10.1.1.8 precedence critical: F$ d3 R3 V" \8 E
permit ip 10.1.1.12 host 10.1.1.7 precedence critical1 q7 q" s5 [# P
permit ip 10.10.10.38 host 10.1.1.7 precedence critical) ?8 C% H) ^2 g
class-map match-all R11% ? x5 ^# C& p8 A3 c+ B
match access-group name R11' U! e# y5 ^/ Y& I
class-map match-all R12
4 Z L" l/ }! ?$ E( w2 ?. h. n match access-group name R124 ?- g1 ` S2 i! J- p2 L3 U5 k
policy-map R11. _1 I9 E) L3 n- Y& t" X" a; D
class R11
2 y! X7 y. t& e! K/ H set ip precedence 5/ ?" J1 v1 g1 o) H# P H! h
policy-map R12
# G% E; _' T. K( e class R12
% {2 P0 X7 G- F) e" r set ip precedence 5
1 ?2 | c% I$ C2 t6 E R, ~int e0/2
7 Y2 w+ z% h4 D service-policy input R11& ^6 a* E+ R/ c7 Y
int e0/0
! k* b: e- j4 ?5 F7 M6 d service-policy input R12: ]5 A6 O( R x! A7 O. Y4 T
//配置完后进行扩展ping测试。( @, k! G1 K# _
R12#ping
( z, C1 u( f" w; M8 i$ @8 }1 s' |Protocol [ip]:% d3 i% x: S) j% G. |/ L
Target IP address: 10.1.1.8: U- q f2 ^& H; P: J
Repeat count [5]:3 M9 e; Q! C3 N4 m5 ]5 I
Datagram size [100]:8 C% U5 y; M, o3 A1 l/ J
Timeout in seconds [2]:
# ?# { f" y. P3 O+ dExtended commands [n]: y
5 W5 o& [. P8 ^' N9 v- G1 MSource address or interface: 10.10.10.38( D% @, F1 A/ a8 U
Type of service [0]: 160
" J3 l6 a- w, V9 Y3 {1 eSet DF bit in IP header? [no]:, k5 z9 L3 q( ?0 o
Validate reply data? [no]:
- k5 k6 c& Z8 A' MData pattern [0xABCD]:
Z& ~8 h! Y2 ? v5 ~0 N. nLoose, Strict, Record, Timestamp, Verbose[none]:
5 i9 s5 o9 d9 Z0 T( K; gSweep range of sizes [n]:) C: `0 \+ F6 @- H3 V9 V% F
Type escape sequence to abort.
' \0 a5 b8 ^0 X( [Sending 5, 100-byte ICMP Echos to 10.1.1.8, timeout is 2 seconds:
* E0 a. j: s" ?) L1 x& q4 ]Packet sent with a source address of 10.10.10.38
$ N( E5 t3 D7 ]7 N% A! {: w!!!!!# R, I# a" I N( B9 g* l8 v
Success rate is 100 percent (5/5), round-trip min/avg/max = 48/57/80 ms
! r: v& R$ R* S7 Q2 f7 }R12#
4 S" U, C4 ~2 CR9(config)#do show policy-map int e0/0
+ a9 V& o0 ]9 f* _8 n& s Ethernet0/04 h/ w9 D- B# z: m3 M
Service-policy input: R12
g5 I: f- @5 x3 v" i# d& [0 P Class-map: R12 (match-all)% B8 P" d. G( a- V
0 packets, 0 bytes" W4 \: w& l' [, T& E8 U
5 minute offered rate 0 bps, drop rate 0 bps
$ C6 ?) Y/ X& f Match: access-group name R12
: o2 v3 a! s6 K U QoS Set5 t n$ t3 G) d6 E: E- Y! r U
precedence 58 @' g' [' l/ y/ p$ ]0 \3 U
Packets marked 5
, s! z- b2 W1 \. P# Y3 ~% V# m' | Class-map: class-default (match-any)
% ?. U; t0 i+ D 111 packets, 11298 bytes
2 g* c H1 H* Z" ` 5 minute offered rate 0 bps, drop rate 0 bps! u+ F- W; Q3 g
Match: any
6 Y. X8 n0 \) k) h% v/ cR9(config)#
' V6 ^" Q1 T8 z+ N1 C4 \R9(config-ext-nacl)#do show access-list
5 S9 T% I6 n- D; jExtended IP access list R12" S3 w( V' b3 ^* ^2 E3 Y
10 permit ip host 10.10.10.38 host 10.1.1.8 precedence critical (5 matches)! V0 m9 H, \; I% e3 P* R
20 permit ip host 10.1.1.12 host 10.1.1.8
. G1 A1 W8 r, f+ Y# j 30 permit ip host 10.10.10.38 host 10.10.10.21
% e% a; o9 F7 T 40 permit ip host 10.1.1.12 host 10.10.10.215 |" `5 V `- g6 S
//把剩余的所有IP地址都匹配上,然后进行测试。
" M* }% N0 B8 n0 E% U' j% U- }' h
-------------------------------------------------------------------' A, D8 O L5 {- t# E) E+ n' ?
cos
( d5 ~" |' E) ?& i& a6 s& X! k000000 routine (0) 0
0 ?$ p. \8 G" H; g001000 priority (1) 32
0 Y/ q" f5 U* [: Y( G" t; O010000 immediate (2) 64
5 K3 A( t9 c& [: ?# K011000 flash (3) 96) C* t5 E) M* i' D2 u' F. U- C
100000 flash-override (4) 128
3 A0 ~( Q m! k3 e101000 critical (5) 160
3 [& f# Z; T, j3 s" e110000 internet (6) 192
; \1 n2 D9 ^' P" Y+ s1 s111000 network (7) 224
3 |& m9 T3 Z" j+ aTOS 前3位
{! b7 G8 W: M' bDSCP 前4-6位7 A7 { Y0 F$ N+ Q: y- _8 |
3 p: k& T$ v) k8 `0 u! c- |: C
# l- L/ `2 F% p
: V, Q, d$ z g* ^& }, p; m6 a
5 h2 ?8 _/ l) D4 W* J
5 `* S8 ^+ F$ a7 V/ Y" k4 V3 i! u9 u G0 s7 M. V' ?2 \$ O4 Z# T
- |5 p" A$ F: } G
* v8 M! @$ k+ h- n8 l' f2 s2 C/ |8 o
) Z0 \6 X6 E7 C) O. S* c( o3 V TS2
! {* j# s) a& o//部分路由器编号不对应,请参照正确的拓扑来查看。
. n0 s, e' p* H6 z: P# F9 k1.R31 & R8 should established security BGP neighbor.' A$ b; n8 Y- a
//打开路由器后,直接就收到了MD5密码不匹配的消息,查看BGP邻居关系,并查看show run 的BGP密码匹配情况。; ^- e Q4 `# L% b7 Z% f2 v7 c
*Mar 1 00:07:30.379: %TCP-6-BADAUTH: No MD5 digest from 10.1.1.8(179) to 10.1.1.31(45688)% ^8 ?" B; g/ `5 ?
RACK30R31#
$ M$ {8 }. s4 s4 A% FRACK30R31(config)#do show ip bgp summ; {7 L" O- J0 ^! l
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd- h3 g! ~# U' B" e( |: a
10.1.1.7 4 200 14 14 2 0 0 00:10:13 1
# D- c4 x) i0 R8 @& E/ g% x+ s10.1.1.8 4 200 0 0 0 0 0 never Active* b+ Q( w6 w" ^! \% s& ]
10.1.1.30 4 200 0 0 0 0 0 never Active
& v9 x6 h; T- }$ r- d; CRACK30R31(config)#
2 e- g8 s/ p$ y//确认BGP是否无法建立。
: i ^, Y3 }2 q# J/ WRACK30R31(config)#do show run | b r b
- y. O, f5 c7 ^+ x3 W7 Orouter bgp 2002 x- E! I6 I2 L- Z$ I3 m$ P1 J. P
no synchronization' ` X$ w# P0 x4 M2 B- t$ D
bgp log-neighbor-changes0 G6 V5 n" `" N6 F
neighbor 10.1.1.7 remote-as 200
4 X% L$ s g/ c1 u neighbor 10.1.1.7 update-source Loopback0* ^' V; f# `$ X% H! J0 h! i
neighbor 10.1.1.7 route-reflector-client3 O8 }0 U8 N$ _; e0 {9 g/ l7 S! V. j3 b, i
neighbor 10.1.1.8 remote-as 200, l. J; _1 j$ \7 `6 l* p, w
neighbor 10.1.1.8 password cisco: F. c7 |3 [$ A/ q; O; a; p
neighbor 10.1.1.8 update-source Loopback0& s- {- W" O1 ~. P% O5 m
neighbor 10.1.1.8 route-reflector-client7 u3 ~* x0 U1 M; [% B6 ?
neighbor 10.1.1.30 remote-as 200" @- I7 r7 s( ^7 }# j I0 T
neighbor 10.1.1.30 update-source Loopback0
3 \! k# p2 E3 `3 S& @( S3 O no auto-summary
5 @# E4 D' E; }# J! j//R31对邻居R8配置了密码。去R8上查看密码是否匹配。) e- _. g; Y8 u" g! J2 w) o( m
RACK30R8#show run | b r b
+ p2 }) l. w( Vrouter bgp 200
) p$ n. }5 e: L no synchronization i+ v0 ]8 m" |
bgp log-neighbor-changes3 D; p! Z+ i5 _, Z' t u F
neighbor 10.1.1.31 remote-as 200
) R- x* j6 v- ]5 \: e% N neighbor 10.1.1.31 update-source Loopback0
) P+ {5 q, T% j# U* Q E neighbor 10.1.1.31 next-hop-self" U$ j# o3 d: F- E5 T, @
neighbor 10.10.89.29 remote-as 300
- l) D' I% ` U p0 Q3 I9 a9 E no auto-summary/ {/ W: |. `: C. r; N& U* e
//R8上没有对R31配置密码,进行配置。5 C- f k6 r( z1 v, i" A: [3 [
RACK30R8(config)#router bgp 200
( ~8 V" S- H# A4 ?. n. `8 m- GRACK30R8(config-router)#neighbor 10.1.1.31 password cisco& G$ R, S- }6 Y2 N& M! x- T! U
RACK30R8(config-router)#
& Z) G7 b7 g# D$ O6 u* ^*Mar 1 00:22:38.127: %BGP-5-ADJCHANGE: neighbor 10.1.1.31 Up c4 ~/ a2 I7 C' a0 e1 G
RACK30R8(config-router)#6 G% s5 `+ I: ]1 F( b1 X
//基于题目的要求,安全BGP,所以对两台路由器BGP所配置的密码进行加密。0 h# M+ k6 K: M/ T0 y7 c3 M9 t$ o
RACK30R8(config)#do show run | b r b/ [, |, L+ m9 \' v" l
router bgp 2008 f. u0 `6 k8 u2 o: H* {
no synchronization2 ]2 `# v# K, x6 [3 W/ R
bgp log-neighbor-changes
5 v: b5 o$ _& i/ P neighbor 10.1.1.31 remote-as 200
- s6 ?$ G8 O0 @4 R, M& f: F neighbor 10.1.1.31 password 7 00071A150754
7 Y' u2 |1 O% n% a6 A neighbor 10.1.1.31 update-source Loopback0
3 C+ ]$ |6 h0 n7 T6 Y neighbor 10.1.1.31 next-hop-self
9 {2 F$ C. b+ W' }& E neighbor 10.10.89.29 remote-as 300
6 P/ \" i+ A4 m/ ? no auto-summary: v+ E- U3 h: n9 f: ?
!
- z- t) R$ l# z& ], i* r2 ERACK30R31(config)#do show run | b r b! r2 G1 b3 p8 H. w5 q8 d( s( Y
router bgp 200, m! y3 m8 _' m6 _3 t* ^
no synchronization
$ |( g* j4 B+ z3 @ bgp log-neighbor-changes) O& u% @ l3 f [7 E6 @
neighbor 10.1.1.7 remote-as 2007 i. _: \7 M8 J; g6 ?
neighbor 10.1.1.7 update-source Loopback0
/ I3 v" p/ \1 a neighbor 10.1.1.7 route-reflector-client% M5 `0 {. @2 j/ Y
neighbor 10.1.1.8 remote-as 2001 d# r. t+ M c0 z7 L2 M
neighbor 10.1.1.8 password 7 045802150C2E( H8 y0 p9 v" c' I1 g* [
neighbor 10.1.1.8 update-source Loopback0
* X( [% m% J* ^& n( x$ w' Q neighbor 10.1.1.8 route-reflector-client
5 ?0 ]: \5 v1 v9 ?/ _ neighbor 10.1.1.30 remote-as 200% q' F& T' Q {8 a. m4 U
neighbor 10.1.1.30 update-source Loopback0& e& m2 Q0 j" a9 h
no auto-summary
+ \! L' ?9 y- Q. Q5 {: }+ D!3 Y/ ~& S& S7 J
+ l0 [; @1 s4 |. w
2.R2 loopback0 should ping 10.1.1.27 (use one command and same device to fix it).
' ]! ?8 ~7 E& d& iRACK30R2#show ip pro
- _2 y% i4 T5 O2 h) bRouting Protocol is "ospf 1"& S" u# j& y8 C2 s4 O
Outgoing update filter list for all interfaces is not set
' \2 S5 ^5 _0 M9 N7 k Incoming update filter list for all interfaces is not set
0 ?) h4 v/ h& q9 D/ }7 c Router ID 10.1.1.2: c; @* b! Z( r8 Y; c3 e) q; ]
Number of areas in this router is 1. 1 normal 0 stub 0 nssa
3 w! X1 N# K7 n9 A$ Z Maximum path: 4/ w5 v$ i0 M% j7 z- a0 k6 A2 _
Routing for Networks:
5 T$ _+ e' n& m 0.0.0.0 255.255.255.255 area 2
5 A8 T" d6 ^9 |$ O( Z Reference bandwidth unit is 100 mbps
& d f6 F- m" V4 m, Z! i Routing Information Sources:
1 |- e6 S* _: @4 J& S# k/ P Gateway Distance Last Update v& \/ i- u2 d# V& i* P
Distance: (default is 110), ~; {5 V# {! V, K3 `" A, _ G
RACK30R2#
) V# k& {4 h0 C/ `+ d# K! s' A' rRACK30R2#show ip ospf nei
- U: W$ q& E& ~2 f. }5 {Neighbor ID Pri State Dead Time Address Interface8 k3 T- G2 c# h$ |3 X b( R+ Y- s
1.1.1.1 1 FULL/BDR 00:00:38 10.10.123.3 Ethernet0/0. H9 p4 i* B% E, ^$ t0 s! d% u
RACK30R2#
4 P% ^( X) n* d5 z# rRACK30R3#show ip pro- h/ d+ e5 h( g5 f9 [. m7 M
Routing Protocol is "ospf 1"
1 y# J+ R4 a0 H8 N Outgoing update filter list for all interfaces is not set
% ], ]% g7 X9 c# j! c Incoming update filter list for all interfaces is not set/ a: A" F# e. I) X2 T
Router ID 1.1.1.1
' f$ F; i; P# W Number of areas in this router is 3. 3 normal 0 stub 0 nssa
5 e) l; B. u4 Q5 T' J- e$ ?) {. d Maximum path: 4; H1 l- R& ^& m& t" T1 ?7 C& \
Routing for Networks:
' @$ y& O3 U7 ^( F( Q* H3 y$ N 10.1.1.3 0.0.0.0 area 1# c- [" a6 P* `* W( `
10.10.35.3 0.0.0.0 area 1" J5 g8 B! b8 \, ^8 e" n* G2 x
10.10.123.3 0.0.0.0 area 2
4 q& Q! g5 Z8 T9 |9 h Reference bandwidth unit is 100 mbps
$ O: \+ @! }9 L' g* E! I' a Routing Information Sources:
I4 S; J/ A) A9 i2 E, G Gateway Distance Last Update5 d& P1 }$ h5 I0 F2 W9 n; I
10.1.1.2 110 00:32:06# ]8 D8 `0 t: z3 W2 ~
10.1.1.5 110 00:31:56& ?0 m1 f6 u, h% a' D' J& q
Distance: (default is 110)
5 G0 Y' U) J. N- m; DRACK30R3#show ip ospf nei
7 p7 ^% F- X" l8 j9 p5 u" _" l2 `0 oNeighbor ID Pri State Dead Time Address Interface
7 ^6 {- ]: U& k6 G: @# R" _10.1.1.5 1 FULL/DR 00:00:35 10.10.35.5 Ethernet0/0/ K# D! w' O+ P* I
10.1.1.2 1 FULL/DR 00:00:35 10.10.123.2 Ethernet0/1; H+ m) ]9 O$ f! ]/ m/ K
RACK30R3#- j& w6 }' F- w* Z# r# `! f/ o
//R2已经成功和R3建立了ospf 邻居。并且R2e0/0和R3e0/1的是属于OSPF区域2,R3e0/0之后是属于区域1。
- }+ Z3 i6 w$ s//OSPF区域1和区域2要通信,则需要通过主区域0来进行。
4 o3 @" v: Q+ K8 m: S//再经过查看,可以发现拓扑是这个状态:区域0(R8----R6)---- 区域1(R6----R5----R3)---- 区域2(R3----R2)
& B- j' \) L& ^" Z! B% j" p//那么区域2要和外部通信,或者要和区域1通信,则首先应该和区域0建立虚链路。
( M* {) u/ A( ^/ k! W! W# n, C//在做虚链路认证的时候,一般还要做区域0的区域认证,但是现在R3却没有成功和区域0的R6建立虚链路。
! d' S$ {5 l: `去R3和R6上查看命令配置。' }4 t* p8 {8 [- @
' [4 K" r+ ~0 i* kRACK30R3#show run | b r o$ I9 ~0 J/ q6 P. G$ \" c6 g
router ospf 1
) d" k/ T. |6 x& @" ^( w router-id 1.1.1.1
3 g- U( H0 E4 |& K* @ log-adjacency-changes
- ?9 {! K9 D7 L+ c area 1 virtual-link 4.4.4.4 authentication message-digest9 m# q, r6 h+ ^
area 1 virtual-link 4.4.4.4 message-digest-key 1 md5 cisco
: O/ t5 ?! h5 V% ?: E network 10.1.1.3 0.0.0.0 area 1
3 L+ y' ]" D' N3 p" L% M8 \1 j network 10.10.35.3 0.0.0.0 area 1
3 m+ g( W" y6 \5 X0 @# ^/ o network 10.10.123.3 0.0.0.0 area 2
% h9 n+ V& B% v2 D. S5 y' c!8 X; V; p1 M5 s
RACK30R6#show run | b r o
" e5 b6 K& Z2 e0 Nrouter ospf 13 `( `, c7 }% Q; L! |4 L6 ?( V' X
router-id 4.4.4.4
; H5 A: ~. e+ x* i6 K% G" ~! B log-adjacency-changes
1 R9 N& g& P4 U; W/ K/ s- m( S/ J area 0 authentication message-digest+ ^6 n0 H/ [/ f' N! a
area 1 virtual-link 1.1.1.1 authentication message-digest
, y7 D9 X/ j0 G( K) H. a% K8 ~3 v area 1 virtual-link 1.1.1.1 message-digest-key 1 md5 cisco
7 I) B+ i& Z% }4 E6 o network 10.1.1.6 0.0.0.0 area 0( ^7 ~# ?, f9 P
network 10.10.56.6 0.0.0.0 area 1: [8 c6 A0 M1 `$ @7 F B
network 10.10.68.6 0.0.0.0 area 0! s- L% G, i1 b2 G& ?0 S- W' m
RACK30R8#show run | b r o
" P( f+ I8 U# I$ r5 Yrouter ospf 1
# r- s2 Z7 I' t9 m' L$ @ log-adjacency-changes
% k( z0 \9 H2 a% h' w area 0 authentication message-digest! I/ V( b0 w0 l0 e
network 10.1.1.8 0.0.0.0 area 0
2 E- t! b4 g: m* U7 l/ Z network 10.10.68.8 0.0.0.0 area 0
, p' D/ U, A" I+ o7 d* g+ dRACK30R6#show ip ospf nei
% ~% f/ I9 M E7 O( iNeighbor ID Pri State Dead Time Address Interface5 I5 k* _5 `3 | p( L0 i2 O
10.1.1.8 1 FULL/DR 00:00:31 10.10.68.8 Ethernet0/0; C$ {. \) W* w' h) T4 h
10.1.1.5 1 FULL/DR 00:00:39 10.10.56.5 Ethernet0/1
" r; B, x) L% s9 w* \8 v7 ERACK30R6#
; b! f7 t) ]2 u) s, g9 j; T x8 K5 ERACK30R5#show ip ospf nei
! U, F1 z: F' ?5 ]* V/ M4 |9 VNeighbor ID Pri State Dead Time Address Interface
$ L$ B4 S4 c0 Q+ s) F. z7 e1.1.1.1 1 FULL/DR 00:00:32 10.10.35.3 Ethernet0/1
' F! b6 C" z6 C; b" ^1 w- e) _4.4.4.4 0 FULL/ - 00:00:34 10.10.56.6 Ethernet0/03 y$ {0 v7 A$ \& Z4 K8 a2 z
RACK30R5#/ m, M! p$ {1 D H1 h+ Q) [
//我们可以从这里看到,R3和R6已经配置了虚链路认证(为了确保密码没问题,可以重新配一次)。) l: @' f. c# I/ ~7 q/ h2 X g: Y( b
//R6又和R8建立了区域0的区域认证。7 }. N' a" Y/ {1 p
//目前的状态是R6和R8、R5建立了OSPF邻居;R5和R6、R3建立了OPSF邻居。
, S+ y' `$ N3 y- x7 a6 ^ 但是大家有没有发现一点,为什么R5在连接R6的时候会没有选举DR和BDR呢? c# n4 ? i7 ]( ~9 [* `
//我们去查看一下R6和R5的连接状态$ Q# I. N! Y' F* G1 q% m
! C9 r' ^1 {7 J8 E
RACK30R6#show ip ospf int e0/17 G* q& J% I9 g- U- M
Ethernet0/1 is up, line protocol is up/ c4 l0 A& S6 f2 W* G% k5 m) n
Internet Address 10.10.56.6/24, Area 1
; C' d% q; i0 f% ^, g Process ID 1, Router ID 4.4.4.4, Network Type BROADCAST, Cost: 10
- l; _# T' {5 A9 v Transmit Delay is 1 sec, State DROTHER, Priority 1. \( T8 c7 ?+ D
Designated Router (ID) 10.1.1.5, Interface address 10.10.56.5
0 K Z0 x8 W J; ~ Backup Designated router (ID) 10.1.1.5, Interface address 10.10.56.5
- i7 v% y1 ?6 R* f- x' w; R Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 54 ?0 y3 W# e! ?4 R0 K
oob-resync timeout 40
/ G% g% W% P: o9 S( Q/ ~& H Hello due in 00:00:01
. t: b2 a! Z5 k' q# D, t Supports Link-local Signaling (LLS)
6 q0 r- K# e+ o6 N k Index 1/3, flood queue length 0
5 H9 y' v, L5 x& Y- {) ] Next 0x0(0)/0x0(0)' N2 _7 e T X& j% Z, ]+ a
Last flood scan length is 2, maximum is 3! H- a- L3 E4 w) [
Last flood scan time is 0 msec, maximum is 0 msec8 i# a T, L( H& l: F% z9 C% u% G
Neighbor Count is 1, Adjacent neighbor count is 1" n' s! p: o/ s
Adjacent with neighbor 10.1.1.5 (Designated Router)' f2 u: h% g7 E) U- [ j3 }
Suppress hello for 0 neighbor(s)
0 m# g& f Q* R. o- P* TRACK30R5#show ip ospf int e0/0: j% [% y; n s7 }7 [" Q
Ethernet0/0 is up, line protocol is up
& ^. ^( g2 h( S! v, c% a1 L/ P Internet Address 10.10.56.5/24, Area 1
: i8 u5 H+ A2 u, \0 S Process ID 1, Router ID 10.1.1.5, Network Type POINT_TO_MULTIPOINT, Cost: 10( o* k% w; @. P& h& `5 V+ \$ O' ?
Transmit Delay is 1 sec, State POINT_TO_MULTIPOINT,
1 V/ g; K# i o% g; R# x' | Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
# q# b" t# H, M/ K5 c9 h oob-resync timeout 40
0 k/ k- e+ d" \/ L, B$ m Hello due in 00:00:07: S6 o1 ^! [: ]2 z
Supports Link-local Signaling (LLS)
5 q9 }0 h0 O1 `, J) p6 m) {% u Index 1/1, flood queue length 0
2 i! j* h r1 Q$ `' I" I Next 0x0(0)/0x0(0)4 C0 K- l o/ j2 |
Last flood scan length is 1, maximum is 1
& t/ D6 y; C# Z3 B& B+ A1 ]2 C Last flood scan time is 4 msec, maximum is 4 msec
* s- i8 W6 q. x0 O. {9 M, J Neighbor Count is 1, Adjacent neighbor count is 1. y4 t8 T; g# d3 U, r& P+ e1 d3 ^) L
Adjacent with neighbor 4.4.4.4
7 M0 D& v" c) [ Y% B Suppress hello for 0 neighbor(s)2 N$ ]/ s( Y, {9 V! G, R/ X$ h$ `$ R! |
//从这里,我们可以知道R6之所以和R5建立了OSPF邻居是因为R5的Hello dead time 都可以和R6匹配。0 t' t7 L) l) g' D. d! s4 c
//插句理论:% n7 K) A3 N5 ?# B- x4 H
点到多点的特性:+ L) |+ o" |* p# c" a3 J1 @/ T
1.没有DR概念' x' _0 d6 W/ A( h2 S
2.不需要定义邻居,属于完全邻接
3 o* y6 |: U9 C 3.整个网络使用一个子网2 o v3 G: _+ H( j, r# C" k1 N
4.Hello 30 dead 120 wait 1206 D2 C( Z1 W1 Z# J [8 r# ~/ g
//所以在这里因为R5的定义,使R6认为自己有两个DR,一个是R8,一个是R5,导致虚链路无法正常建立。8 c1 S1 M( s0 M8 s7 ?+ P
RACK30R5#show run int e0/0
% U# b4 h$ e, \interface Ethernet0/0
, c3 a7 L* q2 c$ z% S, Y: F' M ip address 10.10.56.5 255.255.255.0! O- R: R! Z4 v* c6 b" r% n r S
ip ospf network point-to-multipoint) Q) k: p- `/ P: v: Q! u6 d
ip ospf hello-interval 10
; `; N/ ~ o) _& v- l$ A0 g$ |2 g half-duplex
" D9 k$ L7 y; p) b8 O9 |$ {end
8 v! l7 M! l; U2 A( \# b MRACK30R5(config)#int e0/00 z4 }% b+ v8 k3 S2 t2 ~ d5 `
RACK30R5(config-if)#no ip ospf network point-to-multipoint% |! ~- _" ~ t6 O2 U( a& f4 R
RACK30R5(config-if)#
8 }5 m, w# e/ p5 _7 ~8 e. X*Mar 1 00:22:35.471: %OSPF-5-ADJCHG: Process 1, Nbr 4.4.4.4 on Ethernet0/0 from FULL to DOWN, Neighbor Down: Interface down or detached
! B6 X" v$ c& |+ w8 s*Mar 1 00:22:35.631: %OSPF-5-ADJCHG: Process 1, Nbr 4.4.4.4 on Ethernet0/0 from LOADING to FULL, Loading Done% Z, v2 v0 Q- U
RACK30R5(config-if)#do show ip ospf nei
0 X/ |0 D) Q* D/ ^, ^6 w2 qNeighbor ID Pri State Dead Time Address Interface
/ ?2 a- j5 z$ \& Y# Q4.4.4.4 1 FULL/DR 00:00:38 10.10.56.6 Ethernet0/02 ?/ n7 {0 h/ K% l D7 I6 ^4 ~
1.1.1.1 1 FULL/DR 00:00:36 10.10.35.3 Ethernet0/1
; P A9 I& n( A/ q ?RACK30R5(config-if)#
1 r$ g. } J: Z3 G7 _$ o( k//更改过来。 r+ O: t0 ^7 e" t0 x9 C
RACK30R6#3 X( f {1 ` d+ D i$ I
*Mar 1 00:22:35.267: %OSPF-5-ADJCHG: Process 1, Nbr 10.1.1.5 on Ethernet0/1 from LOADING to FULL, Loading Done( ~* c" e: d; E" m! Q# \2 u2 |2 B
RACK30R6#show ip ospf nei( ~+ t0 b$ S/ y
*Mar 1 00:22:50.891: %OSPF-5-ADJCHG: Process 1, Nbr 1.1.1.1 on OSPF_VL0 from LOADING to FULL, Loading Done
0 B2 c% H/ x1 L* d- a4 _9 c+ CRACK30R6#show ip ospf nei
2 W: R( H" _. J2 D, x) WNeighbor ID Pri State Dead Time Address Interface" e4 B2 W8 b. X6 c- ^% Z; h# m
10.1.1.8 1 FULL/DR 00:00:39 10.10.68.8 Ethernet0/0, d5 p4 R! p2 T% y& ~8 Y& D
1.1.1.1 0 FULL/ - - 10.10.35.3 OSPF_VL0
0 a+ [# `3 J' s3 w2 T! W3 C10.1.1.5 1 FULL/BDR 00:00:37 10.10.56.5 Ethernet0/15 H1 V- K& i9 `+ Q1 Z3 F
RACK30R6#% p% p# Y' y4 }% E; h! {
//R6重新进行了DR和BDR的选举,并且成功和R3建立了虚链路。去R2上查看路由情况。1 x. \0 Y4 l5 b4 @$ z
: @0 O) t/ y" i, I& j$ KRACK30R2#show ip route
$ @/ j) d& H' s+ o6 K: _ 10.0.0.0/8 is variably subnetted, 10 subnets, 2 masks
& E$ p- k/ s8 K: F+ k$ q9 YO IA 10.1.1.8/32 [110/41] via 10.10.123.3, 00:05:16, Ethernet0/0
4 S% K* h1 V% ?' M( EC 10.1.1.2/32 is directly connected, Loopback04 B: v7 d: C9 c
O IA 10.1.1.3/32 [110/11] via 10.10.123.3, 00:05:25, Ethernet0/0
, }# J; @/ o$ h5 \ yO IA 10.1.1.6/32 [110/31] via 10.10.123.3, 00:05:16, Ethernet0/0/ @" i! Q. [. m* F8 g/ n
O IA 10.1.1.5/32 [110/21] via 10.10.123.3, 00:05:25, Ethernet0/0
* p9 ?1 a" Z# v. h- iO IA 10.1.1.27/32 [110/11152] via 10.10.123.3, 00:05:16, Ethernet0/0
' K$ i2 O1 T& }& j, M. XO IA 10.10.35.0/24 [110/20] via 10.10.123.3, 00:05:25, Ethernet0/0
9 W6 u) N- K$ ZO IA 10.10.56.0/24 [110/30] via 10.10.123.3, 00:05:25, Ethernet0/0) y7 y+ k; q% c7 D; m, g
O IA 10.10.68.0/24 [110/40] via 10.10.123.3, 00:05:16, Ethernet0/0) h1 W4 b; N1 \; b" y0 a
C 10.10.123.0/24 is directly connected, Ethernet0/0
- a. [: R5 ^6 ^( E# q- t3 o5 {% vRACK30R2#ping 10.1.1.279 s7 E! m1 Q, [4 A
Type escape sequence to abort.
( H( t" Y& N. v1 |% }Sending 5, 100-byte ICMP Echos to 10.1.1.27, timeout is 2 seconds:5 ^+ W* J4 Y( B2 z, V2 w
!!!!!4 E9 [& b+ V" g. g* y# t9 {
Success rate is 100 percent (5/5), round-trip min/avg/max = 36/77/104 ms
- Q4 m7 Q7 p; B4 K, r$ mRACK30R2#% R- r) j2 [" h9 g1 \6 H
//R2已正常学习到了来自R27的Loopback路由,并能正常通信。(达到了要求,只用一条命令来解决这个问题); H' h0 B6 k3 I% q9 r
3.Source R27 10.1.1.27 should ping destination R18 loopback 1.100.100.100.% B( }! q X* I% Q k+ t# b
RACK30R27#show ip bgp
: Z( \' [( ~) _6 gBGP table version is 4, local router ID is 10.1.1.27
; L; d v0 ?, A% p3 Y! |; VStatus codes: s suppressed, d damped, h history, * valid, > best, i - internal,! N/ t3 z5 j. @4 @# n, {
r RIB-failure, S Stale
t, b/ }. I$ {2 i7 j, [Origin codes: i - IGP, e - EGP, ? - incomplete# N7 f2 g0 e2 J- v
Network Next Hop Metric LocPrf Weight Path g, z" b" |, H: [! }% ]
*> 10.1.1.27/32 0.0.0.0 0 32768 i
; p* S/ @& A( Ar>i10.1.1.31/32 10.1.1.28 0 200 0 200 i
% Z; _& J$ s' W4 sRACK30R27#" a7 d0 E; ?' u( m! s3 [: [5 [
//我们可以看到R27无法收到来自R29的IBGP路由,并且路由到了R31就就无法在走下去。
' I! o) [) }2 k# H. v- O' r0 l//R28调整了local-preference, 但是这不影响路由的接收。
( o% y" K& X/ I//去R29上查看邻居建立情况,去R31上查看邻居建立情况。
9 l! `" b$ |9 U7 Z3 ?9 n2 zRACK30R28#show run | b r b/ H+ L& q5 `) `. H
router bgp 3006 `$ a0 Z' q! O
no synchronization
) ]$ W! \( C2 L k1 ^% f bgp default local-preference 200
2 c+ b* v* y h) F1 _' ~ bgp log-neighbor-changes' P$ c7 J1 U6 C6 M' O9 @/ l) h, c) U
neighbor 10.1.1.27 remote-as 300; E6 S. a7 }7 N% k. F
neighbor 10.1.1.27 update-source Loopback0
6 P: c$ C+ p. t, F neighbor 10.1.1.27 next-hop-self8 ~; i2 k( I) m& s+ N. F
neighbor 10.10.78.7 remote-as 200) i( g, ], i8 B! ^* }
no auto-summary) }5 W, l B/ R8 o% H5 l' B
RACK30R29#show run | b r b
9 ~5 `% t8 I& K" F# J' O% zrouter bgp 300) G7 i B$ o- R; i
no synchronization
7 C8 f$ b. f! s0 N* p! q, T3 k bgp log-neighbor-changes6 E3 z4 g9 _& _% i* ?7 F
neighbor 10.1.1.27 remote-as 300. y$ |3 [2 }: T
neighbor 10.1.1.27 update-source Loopback0* ^! |1 s; [5 s3 h
neighbor 10.10.89.8 remote-as 200
2 B: w+ S" d9 V1 O1 H9 i$ P7 v no auto-summary
& z: A, O! e6 g5 s//我们可以发现R28和R29都没有对自己的Loopback口进行通告。8 Q' Y. C5 P6 g/ j
RACK30R28(config)#router bgp 3005 w/ S5 }/ F2 ?3 X2 }6 }% w# M) e" J
RACK30R28(config-router)#network 10.1.1.28 mask 255.255.255.255
( y$ Z3 R' N4 R, ` d8 m) c- ]RACK30R29(config)#router bgp 300& S1 a" t4 f+ m1 v* q
RACK30R29(config-router)#network 10.1.1.29 mask 255.255.255.2553 }6 [) C" B x/ E8 ~
RACK30R29(config-router)#
0 `. G& M$ R# q5 S$ B- ARACK30R27#show ip bgp
0 K. B. f* C* l& o# y Network Next Hop Metric LocPrf Weight Path
0 c6 X" @9 y1 i7 Q4 c6 f*> 10.1.1.27/32 0.0.0.0 0 32768 i
- e$ e4 g; F* W( Ir>i10.1.1.28/32 10.1.1.28 0 100 0 i
+ J- u9 I$ d4 Jr>i10.1.1.29/32 10.1.1.29 0 100 0 i$ A! e) r# t3 ~+ l+ v
r>i10.1.1.31/32 10.1.1.28 0 100 0 200 i
* N2 N$ q% d: R9 K% ORACK30R27#
" w/ W2 f O- S, P, Q- U& ]//现在R27可以正常收到来自AS内部的BGP信息。查看R31的BGP建立情况。) R0 T+ g0 E; I# l5 s$ a5 Q
RACK30R31#show ip bgp summ
" _6 }+ a$ h ]) y$ U8 BNeighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd7 Y% q8 r& h5 y' H, E
10.1.1.7 4 200 23 29 20 0 0 00:17:29 33 b' r4 M0 o( _0 a. a, S& i
10.1.1.8 4 200 0 0 0 0 0 never Active
$ y. P6 u6 G) D5 `: F10.1.1.30 4 200 22 27 20 0 0 00:17:25 4
$ ^1 _4 a+ P) ERACK30R31#( j7 C9 Y* E9 `# N: R2 [* s( `
RACK30R31#show ip bgp
8 y. V7 h- U" f1 x5 {# v+ Q+ { Network Next Hop Metric LocPrf Weight Path3 R0 C* ^' q& o8 ]* a' `
*>i1.100.100.100/32 10.1.1.30 0 100 0 100 100 300 500 600 i
. k& u5 F: x! p' {4 i D*>i10.1.1.27/32 10.1.1.7 0 100 0 300 i
! p- O5 U* Z! |4 F& @2 B ^: a3 j*>i10.1.1.28/32 10.1.1.7 0 100 0 300 i) S* r: Z, @& C% [6 w) N( V3 a
*>i10.1.1.29/32 10.1.1.7 0 100 0 300 i
5 Q3 v7 z( E) @9 i. K* i10.1.1.31/32 10.1.1.30 409600 100 0 i8 o7 f- u. T% p" O7 o
*> 0.0.0.0 0 32768 i6 L' l; `; O7 H. V0 I4 A
*>i10.10.18.1/32 10.1.1.30 0 100 0 100 100 300 500 600 i
7 z" v& y. s2 p*>i10.10.18.2/32 10.1.1.30 0 100 0 100 100 300 500 600 i
0 N/ n5 H% ^( S5 D) I: R g* d2 NRACK30R31#7 H$ y, b9 `* m! m5 e) O5 d- J
//R31没有和R8建立邻居关系。* V2 `9 E' }' J' h# Q
(如果题目要求仅仅为了ping通1.100.100.100,那么其他问题就不用解决,只要有路可以正常通信就可以了)
. G8 B$ _+ B$ p- |* p; i1 S//BGP邻居表中,R31收到了来自1.100.100.100的路由,路径的顺序是AS 100 300 500 600。
2 H3 i& \1 z+ x: A3 ` 我们知道R27是处于BGPAS300里面,但1.100.100.100这条路由已经经过了300这个AS。( f Z% z5 ?& K
因此这个路由信息当发送到AS300后,AS300里面的路由器就会把这条路由DROP掉,因为它们收到了一条或许来自于自己AS的一个路由条目。# q' x9 L1 ]$ k# p0 i! ^
RACK30R18#show run | b r b
% R1 n1 y. d8 I$ R, k0 p8 S' e" j4 [router bgp 100, O X# k) J0 H6 s
no synchronization
+ G6 u% ]! M$ o bgp log-neighbor-changes5 |* L8 s0 v1 O3 n
network 1.100.100.100 mask 255.255.255.2554 _- v6 o; ?! S5 E
network 10.10.18.1 mask 255.255.255.255
" D2 y0 g, V( }* _$ P0 { network 10.10.18.2 mask 255.255.255.255/ X- L$ G1 w9 m4 w
neighbor 10.1.1.19 remote-as 100
7 @2 w1 m" J" v: J; W( w neighbor 10.1.1.19 update-source Loopback0
9 c" [' {3 x# d4 x. p! e neighbor 10.1.1.19 next-hop-self3 P/ O$ U+ S* E- q) |* v
neighbor 10.10.183.30 remote-as 200
+ b3 ]8 |1 L" J neighbor 10.10.183.30 route-map AS out' P, ]; ^6 ^! C3 Q5 D$ i* z
no auto-summary$ E: m6 s" s% I; A) D$ S3 ]2 j! I7 {
!+ w& X( |, i a0 L# ]
ip http server
5 y7 h- `% H7 h& s3 kno ip http secure-server
. t6 K6 q! e2 h) ^0 k7 R e s% z!
6 u9 G0 A7 q7 O/ @!1 \ t/ B; K6 b# b5 `2 C9 d7 q
! p, @+ w' e8 S! _1 b+ ]7 R
access-list 10 permit 10.10.18.2
8 h4 ]8 u' d' j+ |( T% uaccess-list 10 permit 10.10.18.1: V' L( o$ x0 _% d( v$ K, |
access-list 10 permit 1.100.100.100
+ R1 R- ^* K! f" a6 H!
) b/ x# P, S9 ^$ Y& Nroute-map AS permit 10% Z5 P6 U5 ]' `% ^- c9 B& n
match ip address 10
, z* u" M/ E9 Q7 i set as-path prepend 100 300 500 600; c9 V2 E% {! i# z
//我们在R18上发现了1.100.100.100的起源路由器,并且通过route-map对路径进行了设置。
7 ~, [) b. ^0 ~3 V* a7 ~//为了不要更多的更改路径属性,所以我们仅把这个AS300给NO掉就好。# o5 l: e7 I3 S+ q/ B# k- L
RACK30R18(config)#route-map AS permit 10* @( R: C4 d0 K/ h9 h) U
RACK30R18(config-route-map)#no set as-path prepend 100 300 500 600
`/ t; d5 k) @: ?0 ?9 aRACK30R18(config-route-map)#set as-path prepend 100 500 600
6 y. X, i0 X4 v( y/ u6 RRACK30R18(config-route-map)#
4 n% u) [5 O5 j; ERACK30R18(config-route-map)#do clear ip bgp * so
4 ?8 I; ~4 t8 J. w2 P2 q% {//配置完成后,清一下路由表,让BGP路由信息尽快生成。
: B+ f3 ~* r8 S//去R27上面看一下BGP路由表情况。% R7 m# i8 x8 D' t7 e: I& x
RACK30R27#4 c: v! l+ M( _% x3 |4 x& T7 m9 b
RACK30R27#show ip bgp, ~; a8 p% \% I0 s
Network Next Hop Metric LocPrf Weight Path
3 P4 v# j3 x/ j8 F V8 w6 k1 A*>i1.100.100.100/32 10.1.1.28 0 200 0 200 100 100 500 600 i
7 c( m- O0 V# C* h; Y! F*> 10.1.1.27/32 0.0.0.0 0 32768 i
* V; M L7 z' b6 u4 {r>i10.1.1.28/32 10.1.1.28 0 200 0 i# O# X! g3 h6 f0 o) r7 f. H7 w
r>i10.1.1.29/32 10.1.1.29 0 100 0 i
9 ] p8 ]+ V; c, jr>i10.1.1.31/32 10.1.1.28 0 200 0 200 i
) Z* P# U4 n' A. P0 p; n& R% s*>i10.10.18.1/32 10.1.1.28 0 200 0 200 100 100 500 600 i& l' l6 H1 z( a; q) H( u
*>i10.10.18.2/32 10.1.1.28 0 200 0 200 100 100 500 600 i
$ H& j; K& x" sRACK30R27#8 A! o# Z5 y) S- _0 D( o5 a% Z
RACK30R27#ping 1.100.100.100 sour 10.1.1.27
& Q" U' }) S5 X2 nType escape sequence to abort.
0 G8 R5 G4 H: x( f& {% B- C. t, dSending 5, 100-byte ICMP Echos to 1.100.100.100, timeout is 2 seconds:( a3 }* V' T) f$ h
Packet sent with a source address of 10.1.1.27# J7 I7 ]+ P) }& t4 X
!!!!!
2 ?' p' c1 _# I6 R" ]5 a2 w4 L2 cSuccess rate is 100 percent (5/5), round-trip min/avg/max = 56/112/156 ms+ V" C$ ~! C$ O' U7 P
RACK30R27#
9 y. B' }+ A; E+ O# J% o( W4.R9 should use loopback 10.1.1.9 to telnet 10.1.1.10(pls do NOT remove and modify any command ).' q7 @: p( s8 Q8 x# X
R10>" H/ v8 A. z) Z Q) Z
*Mar 1 00:00:38.355: %PIM-5-NBRCHG: neighbor 172.16.14.26 UP on interface Ethernet3/0& j1 S6 }) Q* w3 V! X5 g
*Mar 1 00:00:38.367: %PIM-5-DRCHG: DR change from neighbor 172.16.14.25 to 172.16.14.26 on interface Ethernet3/0
- b7 E$ M l, v: d. bR10>
! k. m6 Y |+ t*Mar 1 00:00:50.327: %OSPF-5-ADJCHG: Process 1, Nbr 10.1.1.9 on Ethernet3/0 from LOADING to FULL, Loading Done% w8 c3 r% y' k: W1 m, b3 w! {; j
R10(config-line)#do show ip ospf nei
$ T7 y; U! X) I/ `5 a8 m6 hNeighbor ID Pri State Dead Time Address Interface
, G8 Z, ]1 x" b) X10.1.1.9 1 FULL/BDR 00:00:32 172.16.14.26 Ethernet3/0
( U o, ~- Q9 x//开启R9和R10的时候,出现了以上提示。首先确认R9和R10的邻居是否正确建立。
8 t6 G) [+ {; k1 s$ @//然后查看R10的VTY端口是否配置了某些阻止TELNET的命令。: [: ?! b9 d9 i
R10#show run | be line
. g( f% J5 Q7 V& S7 |) k6 F. hline con 0
c3 I" ]7 ~# }1 c- ?' N2 C& o exec-timeout 0 0
) R6 \( Q" Q' s8 W! v" { password cisco
; M. h& G4 | L5 X8 d( x: T logging synchronous! }/ d n1 ^8 m1 o, s" Y0 I
line aux 0
* X4 J+ M4 Z3 f2 k: H/ J2 l6 F# Nline vty 0 4& R$ T' O4 R, U& P9 }
exec-timeout 0 0
( h2 |5 d1 m$ n$ |. {: q H password cisco8 o6 W# `' B* x5 [" \$ j
logging synchronous
* `) u U" ^+ U0 u login
# R4 [) O) ~& @ y1 Z4 L transport input none
, U! @) F( J6 V- H8 M0 Z$ Q!- r' q- i; f3 M) a: p
!
, G+ B# O- i, |1 O1 w: J8 Lend5 J" _3 q N$ s" o8 L/ f
//通过VTY进入的时候,没有方式允许。. \$ x( G# C4 w# u
R10(config-pmap-c)#line vty 0 4
" l" p6 R$ I+ y# f" ?- _R10(config-line)#transport input telnet
# B5 B$ u H, H" q, V) F- A; }' R s4 {4 s* N5 ~
//查看R10的访问列表,是否执行了阻止。
' j/ \% i, ~! }+ p/ S( ^R10#show access-list
Y+ v r' R3 ?; f q( u" bExtended IP access list 100
/ ?$ f! ^6 G! Z 10 permit tcp any any eq telnet (12 matches)
; |/ K: V. o5 |* Y6 z% C$ `( `R10#show policy-map
( R, H: N2 v4 X$ X* O Policy Map TELNET
8 \) _/ a9 r! ?+ [ Class TELNET
, N& L: s( G9 P drop
7 J; g6 ^; L2 v, N! B/ u& w Policy Map marking
3 S/ X; C$ A' F9 P" p! _//因为题目要求不能删除或者修改现有配置,但可以增加新的ACL。
8 Q8 H: E* r9 U) U! G8 h2 a" t 因此我们就按照现有的配置增加新的ACL,让其匹配policy-map。
+ F9 T& P4 `3 }/ qR10(config-ext-nacl)#do show access-list
c! V7 a5 c0 {* n8 C* w* mExtended IP access list 100- Q g+ J; Y4 |. N
10 permit tcp any any eq telnet( C8 [* c) W0 x+ k. `+ A" C1 E3 t
R10(config-ext-nacl)#
0 f4 r* X* d7 Y& N1 ]# t1 q//我们在此插入一条,acl 5上去,让policy-map先匹配更精确的5,从而不匹配10 的那条ACL。
. N. n2 B& N' W/ `, F2 x0 F9 HR10(config)#ip access-list extended 100# v" d! ]) z/ F# N3 I9 u4 V; J
R10(config-ext-nacl)#5 deny tcp host 10.1.1.9 host 10.1.1.10 eq telnet
" a2 Q1 c& S* A Q5 NR10(config-ext-nacl)#do show access-list: a8 G' F$ S. g% Q
Extended IP access list 100& P9 [* f" m9 J C% K2 Z% \. n
5 deny tcp host 10.1.1.9 host 10.1.1.10 eq telnet
, e# Z. n) q. O; [7 J X 10 permit tcp any any eq telnet* x7 ^4 C0 g, E3 N: }1 ^9 F" e. ]" w
//进行telnet测试
5 K% U6 t/ h6 n1 h- T, ?R9#telnet 10.1.1.10 /source-interface loopback 0
- o+ H, k6 s( |- ~) C3 \7 h; FTrying 10.1.1.10 ... Open( P- ?+ D' l" L# \' J
& E$ f& k) X; i- X3 g- t
User Access Verification
% D3 \% Z- I* NPassword:
) H B. @' @/ R/ e: X# gR10>exit
+ Q1 R, i6 k3 Q; N0 [& U' a- @/ A5.R15 should ping R13 and R14.
0 L5 }% g& g$ _8 {. U9 yR15#show fram map
! c9 v) I9 u; [% ?( PSerial1/0 (up): ip 172.16.13.2 dlci 314(0x13A,0x4CA0), static,
: G& ]* B& f* L0 _ broadcast,
7 \+ e; J# I& }6 P4 Z; |# U y$ i! i0 q CISCO, status defined, inactive3 Y. w f9 N; C8 j4 O7 J0 B
Serial1/0 (up): ip 172.16.13.3 dlci 315(0x13B,0x4CB0), static,
" [. D- w0 m" @2 R5 o broadcast,
3 D( I( ^9 j: }: v CISCO, status defined, active
% O7 S* v0 G2 O6 aR15#6 Y8 }$ s P- Q ~
*Mar 1 00:01:14.959: %OSPF-5-ADJCHG: Process 1, Nbr 10.1.1.13 on Serial1/0 from EXSTART to DOWN, Neighbor Down: Dead timer expired
# L8 }( A+ ~$ K. U& T*Mar 1 00:01:15.067: %OSPF-5-ADJCHG: Process 1, Nbr 10.1.1.15 on Serial1/0 from LOADING to FULL, Loading Done
- V# u& z; f& pR15#show run int s1/0. E Z1 K. l& ?6 g
interface Serial1/0
' G9 n3 @+ I5 ?4 h" m ip address 172.16.13.1 255.255.255.248
& M1 d: c1 Q5 z: C1 K encapsulation frame-relay
2 @3 p% ^6 Q9 n) v' }4 @4 A# a n ip ospf authentication message-digest* i$ q0 w7 m6 `0 J. z# d/ L. m
ip ospf message-digest-key 1 md5 cisco
& C9 k7 d/ I; i, i, H: ^6 I ip ospf network broadcast
1 D) e7 |! }5 z/ I5 F: w5 g" U; {2 O serial restart-delay 08 N2 v: ?$ u6 x- l% X. p
no fair-queue
! F+ D" E9 ^! ?6 N! | frame-relay map ip 172.16.13.2 314 broadcast
3 l5 u" w1 ]. b; b6 h frame-relay map ip 172.16.13.3 315 broadcast
0 Y3 Y1 H) D/ z frame-relay lmi-type cisco
; S( e# I- J- D. Lend
! T0 G% w' f! [& A# r; w6 eR15#8 D" V. o- r6 n8 Z8 v
//在R15上查看frame map可以知道R15和R14成功建立,但无法和R13建立。 u+ w: V) {6 }% ?
R14#show fram map
4 _( S% ]- ] ^( u1 r$ ?6 G0 y1 ]! ESerial0/0 (up): ip 172.16.13.1 dlci 351(0x15F,0x54F0), static,4 B; k! K' n" _1 R, X: F' k, J
broadcast,
" t/ Y k6 g; ]# D8 S6 W CISCO, status defined, active
+ i a$ P& ?# q& }2 m! X0 kSerial0/0 (up): ip 172.16.13.2 dlci 354(0x162,0x5820), static,
% V: ]* M B: ~9 \3 ]7 H; b, ^ broadcast,
/ w# \- N5 [/ {0 _; u7 Q CISCO, status defined, inactive
6 v, b/ O! s# QR14#show run int s0/06 S2 n4 R5 |( ~0 `& G& I
interface Serial0/0; b- H% B) q* C4 V7 x
ip address 172.16.13.3 255.255.255.248
8 i+ o- e6 u C: E4 } encapsulation frame-relay+ B, }1 C( ]7 _# z. d7 C
ip ospf authentication message-digest6 H1 \! x& f. [9 H5 `) X
ip ospf message-digest-key 1 md5 cisco
# M y! ]3 I2 f+ f: T$ c/ i ip ospf network broadcast
4 T c$ {" q4 e. ]- | serial restart-delay 0) Q* f( x$ y8 G' a
no fair-queue
4 D- ~/ n2 @6 { frame-relay map ip 172.16.13.1 351 broadcast
( J3 y4 n% y b" ?% n9 v frame-relay map ip 172.16.13.2 354 broadcast
- s6 V- D# _' }, F9 r1 i frame-relay lmi-type cisco& l. W8 K$ I, \
end
3 N$ @ I j6 m4 s Z1 J, E DR14#+ D- N. [& a1 a* V
//在R14上查看frame map可以知道R14和R15成功建立,但无法和R13建立,所以问题直接上R13去查看。- k- Z$ ^, t6 D8 B# T' }
R13#show fram map
! t9 y- D3 p7 W4 cSerial0/0 (up): ip 172.16.13.1 dlci 341(0x155,0x5450), static,
- o7 J: s3 l6 c I/ n broadcast,
* M4 g4 J/ S7 C; Y8 F* l CISCO, status defined, inactive
( ~3 k: z( |8 i. h% f. ]) w% hSerial0/0 (up): ip 172.16.13.3 dlci 345(0x159,0x5490), static,
p+ _! ?7 W. p' V broadcast,
+ ?$ m) e- J0 ?- S CISCO, status defined, inactive
, }' Z- Q L/ t! O5 G: {R13#
+ H4 q( A8 c; y' @8 XR13#show run int s0/0% Y7 K; f5 ~- E6 `# U5 T. D9 `
interface Serial0/03 i& a7 A$ T0 C. [! a
ip address 172.16.13.2 255.255.255.248! U$ U% X9 e) b! z/ h, ]' V6 H
encapsulation frame-relay
m* ?( @+ P* n- O% W6 F ip ospf authentication message-digest3 g7 N& T9 s. ~7 ]+ ~' T
ip ospf message-digest-key 1 md5 cisco& Q% v* ^ N' f }
ip ospf network broadcast ^8 w1 b' K( B' t. r
ip ospf priority 2555 ~+ g% H1 G) l' Y; Q- J
serial restart-delay 02 U/ S# w* n1 w% |* W" W0 G
no fair-queue8 }8 L/ p1 [5 j4 u# L$ g
frame-relay map ip 172.16.13.1 341 broadcast
: C, L; x) p0 r# \" B! s frame-relay map ip 172.16.13.3 345 broadcast
( b8 n/ i/ z: h$ z6 |+ b1 _5 \ frame-relay lmi-type ansi3 K# F; W( I( ^" Y# q
frame-relay intf-type dce8 ?8 w9 `1 `& m; E7 S E7 U' A
end& L+ Z6 g( ~7 b' P# C/ A
R13(config)#int s0/0
, h/ _9 Z5 b2 g: h9 L+ R1 JR13(config-if)#no frame-relay intf-type dce9 K Z+ O. {: c, h2 F! ~
R13(config-if)#no frame-relay lmi-type ansi( y4 z7 q7 n' v
R13(config-if)#' }$ p9 _* {4 `; W' r9 ~3 X
*Mar 1 00:04:07.151: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0, changed state to up
' J, N+ e$ U' G0 F/ y7 P7 ~9 z7 LR13(config-if)#do sh
9 z/ Y6 }. `$ V/ a. v3 \* X*Mar 1 00:04:36.947: %OSPF-5-ADJCHG: Process 1, Nbr 10.1.1.15 on Serial0/0 from LOADING to FULL, Loading Done, |0 ^1 }1 r" N- F' o6 I2 X$ h
*Mar 1 00:04:37.283: %OSPF-5-ADJCHG: Process 1, Nbr 10.1.1.14 on Serial0/0 from LOADING to FULL, Loading Done! D2 {1 J9 V; o2 G R8 O M
//假设FR无法进去配置,那我们有应该让删除所有帧中继非默认配置,好让frame-relay自动协商成功。; {9 Y+ y; W8 T" m+ c% T
R13(config-if)#do show ip ospf nei
) c0 N/ e; `! HNeighbor ID Pri State Dead Time Address Interface
4 Z5 }/ d+ U1 h U3 y10.1.1.14 1 FULL/BDR 00:00:38 172.16.13.1 Serial0/0$ s$ w7 D/ p! E8 {7 Y# c/ g
10.1.1.15 1 FULL/DR 00:00:38 172.16.13.3 Serial0/0
% h3 q1 [. ?9 _. r/ @% _" t" @R13(config-if)#* K! Q/ O- m5 D2 s, x
R15#ping 172.16.13.22 b- y/ [6 ^5 o3 r
Type escape sequence to abort.
' `+ {5 m; T6 ~9 Q% p, xSending 5, 100-byte ICMP Echos to 172.16.13.2, timeout is 2 seconds:+ n7 A0 ], H5 \8 m V
!!!!!. e7 |( x6 c! H6 J( f( Q
Success rate is 100 percent (5/5), round-trip min/avg/max = 20/44/60 ms
3 ^" s; }8 z- a6 _" m) o, y9 cR15#ping 172.16.13.3
7 b! K( o6 E* m+ J* r8 N( SType escape sequence to abort.
- C' \0 S9 @7 M9 V: U: s, ^2 e- {Sending 5, 100-byte ICMP Echos to 172.16.13.3, timeout is 2 seconds:5 n8 ^8 u3 \: X! g( a
!!!!!6 ~1 D! X& J% F1 [# t' q: @; M4 Q
Success rate is 100 percent (5/5), round-trip min/avg/max = 12/42/64 ms0 ^: m5 S( V3 D9 z7 g
R15#
% I6 p5 I. g! [# e6.R24 & R29 should ping R10 FTP address 10.1.1.10.* n: ~) s7 z U, [& F* u' `
//这个题目包括了很多意思和内容。' y2 c1 e) u: D( D" y4 T1 \
首先是R24的问题,R24有个EIGRP负载均衡,是否需要解决,取决于题目的要求。: f' Z) c" n* K7 E8 y% E+ m
在这里我会解决负载均衡的问题。 F& I. X" h' T, s+ }; R
其次,R24和R25中间的帧中继问题。
. f, c5 v. ?3 @1 _ 再次,R25和R29的串口问题需要解决。2 f$ C2 M" W2 @2 X& Y
最后,R13到R10的链路,是否可以正常通信,是否有访问列表阻止。, K1 [9 q# n5 n$ T, J6 s5 W% m0 R
solution1:R24 和 R21 负载均衡问题。(与第七题一样,这里提前解决)
! J! d8 Z. a; Q4 l5 M eR15#show ip int br+ j& r8 W0 V8 T3 a
Interface IP-Address OK? Method Status Protocol) T* a+ g9 _$ n; k
Ethernet0/0 172.16.13.29 YES NVRAM up up
. Z) t8 Y' f- f//这个接口是连接EIGRP的接口。
- l* G" ^, y2 XR24#show ip route
$ X+ Q3 I7 j+ B9 a2 K& L 172.16.0.0/16 is variably subnetted, 7 subnets, 3 masks
6 G7 p6 k9 @9 ]- v5 o/ ]& UD 172.16.10.16/29 [90/307200] via 172.16.10.11, 00:06:15, Ethernet0/02 U3 {) U+ d6 }. t7 y6 r! Q
D 172.16.10.24/29 [90/307200] via 172.16.10.10, 00:06:19, Ethernet0/0
* G; @8 R7 d( F' I' K$ F//到达R21的路由通过R22和R23过去,R21 E1/0是.26/29,所以该子网内的主机是25-30。
# `% `4 Z, }2 |- P2 r' L, U7 u R21 E2/0是.22/29,所以该子网内的主机是17-22。0 ]6 \' o& ]% j" ?" u L8 y
因为地址不重叠关系,R24去往R21是通过两条路由标识。
+ s# ^- m" P( }0 M 查看R21的接口配置,看看R21返回R24的路是否负载均衡。
# T0 K* J' ]4 L5 r# oR21#show run int e1/02 \( A0 W+ z& h% [4 N+ @* {
interface Ethernet1/0/ B8 Z: G: ?0 W+ n* q
ip address 172.16.10.26 255.255.255.248
7 m& G( ~! c5 |' c half-duplex; y3 J4 [% P) x* ~, f6 S' P2 A
end9 R( \+ m) M+ Q8 n8 e. l+ S
R21#show run int e2/0
2 I( v }, N( h; E' iinterface Ethernet2/0" M: v" \7 J9 {8 z# b5 h5 F$ o
bandwidth 1000000, k4 [" S7 X7 ?% `- w
ip address 172.16.10.22 255.255.255.248
" T6 f& E7 w4 X7 V* I3 R- S8 d half-duplex
$ e3 m, v' E- d* \# R- c5 cend& I; o7 {- j- u% [9 d
R21#
$ h$ [$ B+ ?+ A5 N//可见R21对R23的端口做了带宽的设置。
6 }" B3 l, K7 r. B: d+ a, c1 H( kR21(config)#int e2/0
! h4 c3 }9 z6 LR21(config-if)#no bandwidth 1000000* c$ O' H8 a5 U8 J
R21(config-if)#& K( s4 B, i7 A6 L) m- J
R21#show ip route* ~" C$ U/ H) Z. _/ ~/ Z( q
D 172.16.10.8/29 [90/307200] via 172.16.10.21, 00:00:05, Ethernet2/0
3 Y) O0 t, Q! g1 g: A4 B4 O//去往R24的路径还是没有变化,其他设备查看接口配置情况。+ e) f* V; X' X& R4 d8 q+ c
R22#show run int e0/01 f# c- y4 A3 E6 s
interface Ethernet0/0
0 q; |0 C# j# a( D ip address 172.16.10.10 255.255.255.2485 t2 X9 ?8 \& a5 I/ X
delay 200
0 @$ R# G7 A! E" l1 Q& t6 u/ f half-duplex; v: m- W' P2 L/ _
end
4 J! Q5 C' h; H) `' b- B) E) y7 kR22#7 H0 Y# Z4 r3 ^- R2 |
//在R22的接口上面做了延迟,解决它。
1 Z, j5 f! `5 m4 O1 OR21#show ip route
% t' ]2 ~1 x, Y4 [3 Z3 |D 172.16.10.8/29 [90/307200] via 172.16.10.27, 00:00:03, Ethernet1/06 g# p1 H r% Z0 d) Z2 o5 t: }: r
[90/307200] via 172.16.10.21, 00:00:03, Ethernet2/0+ u {& g: N' i9 j
//现在可以实现负载均衡了。
4 e9 D# ^" z) P# vsolution2:R24和R25的帧中继问题(以前是帧中继问题).
, }3 Y8 d# I, D4 ], \8 O( u/ l9 G DR24#show fram map5 E, y# t! c# f* {6 _) V
Serial1/1 (up): ip 172.16.10.77 dlci 809(0x329,0xC890), static,
% G8 I% u/ } K+ z/ e! q( F& I- C) @ broadcast,
1 ~9 H' |2 o- | i# t* k7 n1 I6 V CISCO, status defined, active
1 c4 C$ Z# I+ h2 D. SSerial1/1 (up): ip 172.16.10.78 dlci 809(0x329,0xC890), static,6 ~- k- |" S' X# x* a! k! ^& A7 S( `
broadcast,
. y+ ?- f9 ~1 [7 M CISCO, status defined, active
/ k, M( |: `; LR24#7 D4 |: g1 C* L8 `
R24#ping 172.16.10.78
) Q% e! O: l' f* g7 \5 | j# EType escape sequence to abort./ t* q! x: T0 g' W$ B" a
Sending 5, 100-byte ICMP Echos to 172.16.10.78, timeout is 2 seconds:
2 x6 p/ _6 ]9 n- K% ^2 w2 w0 S: u!!!!!
9 k! a% W) G: P' T& aSuccess rate is 100 percent (5/5), round-trip min/avg/max = 20/36/80 ms! H7 V0 D: g& B1 A$ K: P
R24#ping 172.16.10.77- h1 d, H& m+ O5 ?
Type escape sequence to abort.
6 W0 d! F. o3 `Sending 5, 100-byte ICMP Echos to 172.16.10.77, timeout is 2 seconds:" U: m0 i0 E+ r1 g. ]+ b
!!!!!
' I1 V+ B% R7 Z( E) A4 mSuccess rate is 100 percent (5/5), round-trip min/avg/max = 40/62/88 ms
3 c2 Y4 B) e, M5 @+ [8 T7 r, wR24#
3 D' J3 j7 d6 i5 tsolution2:R25和R29的Serial 问题(以前是MPPE问题).
- w; p/ i7 y# s, `7 F7 zR25#ping 172.16.9.2
/ `9 ~& {9 x; g- |Type escape sequence to abort.6 x2 E3 q2 Q! ^' v; u/ c
Sending 5, 100-byte ICMP Echos to 172.16.9.2, timeout is 2 seconds:3 k" z8 f% @* m U1 e! R# r. W3 U
!!!!!7 |! c% y" e; N+ V$ ?- T. Z
R29#show ip route% A3 ?, }( O6 N
172.16.0.0/16 is variably subnetted, 2 subnets, 2 masks
4 a3 S3 T$ r+ Y( `* lC 172.16.9.1/32 is directly connected, Serial1/0
7 u# V% t+ v7 L' _9 jC 172.16.9.0/29 is directly connected, Serial1/06 ~# T& R" L8 K) T5 r
192.168.20.0/32 is subnetted, 1 subnets
' `9 w& {0 ?( x$ W% s1 y; yC 192.168.20.1 is directly connected, Loopback1/ c6 l% o3 I! L- q. \
10.0.0.0/32 is subnetted, 1 subnets" k2 k# i" s- z$ \/ r* H- u
C 10.1.1.29 is directly connected, Loopback00 ]8 T: @" D# P1 W
//R29只有直连路由,并没有学到EIGRP内部路由。检查协议情况。0 E" ~5 C: M9 ]
R29#show ip pro; d8 ~7 }9 w! Q! g0 |* ? L
Routing Protocol is "rip"
. l G6 O5 w# \# } Outgoing update filter list for all interfaces is not set
7 d+ x x: B! l' p Incoming update filter list for all interfaces is not set' @* s+ P. b5 Q0 X
Sending updates every 30 seconds, next due in 20 seconds
( l: V8 p3 T5 L2 L5 Z Invalid after 180 seconds, hold down 180, flushed after 240
: f$ \* h8 J6 F Redistributing: rip0 W0 ^' a' C4 g$ \5 t) T3 R9 c: @
Default version control: send version 2, receive version 2
+ K% n# U1 Z! r S8 l" Y2 H) T Interface Send Recv Triggered RIP Key-chain& ?' R( _. l2 c ~1 C2 c: A1 Q9 e
Serial1/0 2 23 D: I2 P& F6 o, p
Loopback1 2 2
" |' a8 ?1 e% J: ^. ~* Q" J, g' Y4 [ Automatic network summarization is not in effect
9 U, z- k- q# `) y+ Q Maximum path: 4
6 ^1 F4 b4 S" p4 Y, B9 x Routing for Networks:
5 o4 m9 w. i4 `4 I0 r, V( w 172.16.0.0
) x: \' x* c W4 m 192.168.20.05 V; U2 _/ }% `, K G8 V" A- e
Routing Information Sources:5 R3 T8 z# I) Y; [5 W9 \
Gateway Distance Last Update: A3 V# O# `0 w4 S; z
Distance: (default is 120)% N3 k7 A% Z! m3 H/ O3 H* F8 |
R25#
: _4 Z# U0 j/ B5 kRouting Protocol is "rip"+ `3 \9 y! x3 g
Outgoing update filter list for all interfaces is not set
+ a# a% H! f U h3 x* z! r( U8 t Incoming update filter list for all interfaces is not set
& X+ x# P, u1 S: u Sending updates every 30 seconds, next due in 14 seconds4 V- H7 Q, ?) b! `6 n0 a$ |
Invalid after 180 seconds, hold down 180, flushed after 240
2 h- V4 Q6 s( k6 f Redistributing: eigrp 200, rip
& J- @6 R" U% \5 L; Q, m Default version control: send version 1, receive version 1; x8 N6 f7 N& |3 k' b( u
Interface Send Recv Triggered RIP Key-chain+ e0 D% e: `7 B9 R: ]7 ~4 Y
Serial1/0 1 12 ] F0 Z, x4 f8 [4 J- T& e
Serial1/1 1 1% N& _' Y; H2 c
Automatic network summarization is not in effect& y# x3 ?) H; j- v3 P D% ^( A! x4 t
Maximum path: 4
8 F6 J; D! a. b- I Routing for Networks:7 e+ ]; Q7 F6 C- I) h: C& }
172.16.0.0
5 M3 c+ n: H% m }# d Routing Information Sources:
# h1 S+ y. r" L; ^% e" M Gateway Distance Last Update
* ~) q3 r& A1 n/ B' t0 O' R Distance: (default is 120)
* m6 r# p2 C1 n LR25#9 F, G7 s" }" ^2 A, X: q* [. d
//R25和R29发送和接收的版本不一致。
+ u5 w, Z% k+ m+ W" M/ hR25#show run | be r r
: f: ~& i- d# J% v9 L1 _& Z9 Hrouter rip( {! W$ ^( t( b/ T" {- i0 q& Y- g
version 1
/ d( _# R1 Y7 T redistribute eigrp 200 metric 2, H# ]: U" ]- j) E
network 172.16.0.00 h- T4 F" b3 u5 _' I( J
no auto-summary
6 l. S: d* c5 L0 \$ ~1 ~& VR25(config)#router rip
* I- Y% T% x Y& M5 W9 M/ oR25(config-router)#ver 2, U3 t6 ^' u4 `+ \$ f% x& F
R25(config-router)#
( V [! V* e UR29#clear ip route * //加快刷新路由表速度。/ _# ?) H$ J9 J$ M+ a
R29#show ip route
# u3 @0 N8 b+ n7 L 172.16.0.0/16 is variably subnetted, 6 subnets, 2 masks; K, B2 O% R- q; [$ }: W! c* U3 s
R 172.16.10.16/29 [120/2] via 172.16.9.1, 00:00:01, Serial1/0
% Q, g9 T! Q3 ]: W- RR 172.16.10.24/29 [120/2] via 172.16.9.1, 00:00:01, Serial1/0
: \8 l# X4 |. L3 y0 a1 \+ ]3 L9 fC 172.16.9.1/32 is directly connected, Serial1/03 j! u# g8 b, e" J0 u
C 172.16.9.0/29 is directly connected, Serial1/0" U/ {8 d4 I; r2 F
R 172.16.10.8/29 [120/2] via 172.16.9.1, 00:00:01, Serial1/0
5 |' r% T6 t$ [& M. e& OR 172.16.10.72/29 [120/1] via 172.16.9.1, 00:00:01, Serial1/0+ Y) X$ W6 u$ r, L" C
192.168.20.0/32 is subnetted, 1 subnets
1 S. s( W. J% s# kC 192.168.20.1 is directly connected, Loopback1: v2 @" l4 b+ O# X3 l& E3 F* T
10.0.0.0/8 is variably subnetted, 3 subnets, 2 masks7 w! u: j& H7 E1 I$ K* W1 N, [
R 10.0.0.0/8 [120/2] via 172.16.9.1, 00:00:01, Serial1/0& L% { N \" [" c( q; M
R 10.1.1.25/32 [120/2] via 172.16.9.1, 00:00:01, Serial1/0
% {7 F- j, f5 N `1 k* U7 AC 10.1.1.29/32 is directly connected, Loopback00 r0 \, t/ |4 l/ l( K
R29#* b7 ~1 e) g) S/ B e
//R29目前只能ping 到R21的EIGRP端。
1 B6 x9 w9 E% J! n1 k" d 检查R21的重发布问题,为什么EIGRP收不到来自OSPF的路由。
% p, o% K- M) j7 i* Z. l/ XR21#ping 10.1.1.10 //R10的Loopback口
6 B* H, {. B$ u3 T4 P5 F7 JType escape sequence to abort.
9 z! q" a2 B1 o1 j1 GSending 5, 100-byte ICMP Echos to 10.1.1.10, timeout is 2 seconds:7 l3 W5 e. e" ?% ?5 X, v% A
!!!!!: i9 w% y( I+ B6 o" x, }/ ?. i/ Q
Success rate is 100 percent (5/5), round-trip min/avg/max = 52/67/80 ms
$ L0 c( ~) b' R5 Y+ N. IR21#ping 172.16.14.17 //R10的物理端口
; E7 ?" _ w) k; d3 kType escape sequence to abort.
$ C; l; l6 I& Z8 ?1 k( BSending 5, 100-byte ICMP Echos to 172.16.14.17, timeout is 2 seconds:9 P( H0 _, C3 m, Q$ ^9 ?
!!!!!$ f9 P8 S% c( L8 d m% T: R
R21#show run | b r e3 e- P7 {1 G, X
router eigrp 200
, ?' G$ w5 P* g" Y# d& F redistribute ospf 1
2 ^ J. X- Y& H5 h2 G! \$ {2 z network 172.16.10.22 0.0.0.0
2 G$ w c, e- ?8 ^. m$ e! J% K* `/ } network 172.16.10.26 0.0.0.05 U+ H o; s+ `
no auto-summary
$ |9 V- t' \/ [$ l0 H& u!& ~/ h L; c4 a/ \0 n( C" ?
router ospf 1
8 ?- ], k- n; N$ ? log-adjacency-changes0 j6 H, V2 W/ W
area 1 nssa; B+ z; S5 r8 H
redistribute eigrp 200 subnets
( O2 X. Q& [/ `6 m$ j! K network 10.1.1.21 0.0.0.0 area 15 i! L( S, l# c7 i: K8 a* ?
network 172.16.13.30 0.0.0.0 area 11 e3 y) Z+ Q$ k& x0 j; f
R21(config)#router eigrp 200+ Z; v4 \9 E; l8 n
R21(config-router)#redistribute ospf 1 metric 10000 100 255 1 1500: A: l( l9 V* e$ p
R29#show ip route
0 X$ i! m+ T( s% W- U) F172.16.0.0/16 is variably subnetted, 14 subnets, 2 masks
8 d! _6 x$ Z- bR 172.16.14.32/29 [120/2] via 172.16.9.1, 00:00:00, Serial1/0% w: R' f d t- V4 j& \+ l
R 172.16.14.40/29 [120/2] via 172.16.9.1, 00:00:00, Serial1/0
+ D$ J" x9 M) H3 {R 172.16.14.16/29 [120/2] via 172.16.9.1, 00:00:00, Serial1/0
& E( Y: c/ ]- X/ e, X. h, W: s* u$ NR 172.16.10.16/29 [120/2] via 172.16.9.1, 00:00:00, Serial1/0
% A5 b" j' Y0 [9 |( ~6 jR 172.16.13.24/29 [120/2] via 172.16.9.1, 00:00:00, Serial1/0
! r- J6 M* Q& z( L4 E! z4 }R 172.16.14.24/29 [120/2] via 172.16.9.1, 00:00:00, Serial1/0
2 K* n8 c) {5 R7 O5 o! w! nR 172.16.10.24/29 [120/2] via 172.16.9.1, 00:00:00, Serial1/0
9 _" J+ }( G- h! a# f* C( H% I1 yR 172.16.13.0/29 [120/2] via 172.16.9.1, 00:00:00, Serial1/08 k K. S8 q9 Q3 O: F7 ~
R 172.16.14.0/29 [120/2] via 172.16.9.1, 00:00:00, Serial1/0& H! U) t5 `4 O N3 ~
C 172.16.9.1/32 is directly connected, Serial1/0
1 i( S2 P1 e" t" W, LC 172.16.9.0/29 is directly connected, Serial1/07 g$ |$ u5 u F) }4 ~+ ]9 G
R 172.16.14.8/29 [120/2] via 172.16.9.1, 00:00:00, Serial1/0
) ~' ?9 B2 x8 n) ?4 N6 ?R 172.16.10.8/29 [120/2] via 172.16.9.1, 00:00:01, Serial1/0% r3 a V; D9 ^: a* F
R 172.16.10.72/29 [120/1] via 172.16.9.1, 00:00:01, Serial1/04 @1 I3 v4 `3 ~, J3 A: s0 N
192.168.20.0/32 is subnetted, 1 subnets
% q* Z- \1 g0 TC 192.168.20.1 is directly connected, Loopback1% H q9 ^5 c7 X; @: N; H
10.0.0.0/8 is variably subnetted, 3 subnets, 2 masks
2 k' |* W9 J& g0 q0 ?R 10.0.0.0/8 [120/2] via 172.16.9.1, 00:00:01, Serial1/0
8 T0 b6 a B# e8 I3 m$ rR 10.1.1.25/32 [120/2] via 172.16.9.1, 00:00:01, Serial1/02 @4 |# b% N1 p+ }
C 10.1.1.29/32 is directly connected, Loopback0
4 N# i( B% a0 iR29#ping 172.16.14.17- U4 z5 p" f/ N- Y
Type escape sequence to abort.
3 j& H: `9 q! q1 J# Q zSending 5, 100-byte ICMP Echos to 172.16.14.17, timeout is 2 seconds:5 U1 Q4 S" F) B2 M! H% [. p1 r* g- R
!!!!!
1 }8 Q' T1 K8 K4 k4 w1 Q" r' Y1 \' c/ TSuccess rate is 100 percent (5/5), round-trip min/avg/max = 64/95/160 ms
/ Y' |& ?: ? h/ s6 I. r% lR29#ping 10.1.1.10
, a) Z" V* m. N$ E, x2 j: J' T/ EType escape sequence to abort.
$ h0 j$ V X( ]% I3 P5 E |* `2 D8 SSending 5, 100-byte ICMP Echos to 10.1.1.10, timeout is 2 seconds:; d* K7 q$ t1 F% a1 o1 g
!!!!!
( y+ O; Y" s& pSuccess rate is 100 percent (5/5), round-trip min/avg/max = 64/108/148 ms& Z9 d$ e, }7 ]0 f. l# s/ x$ W
R29#$ e) c; z, H1 `0 ?' ]
7.R24 forward to FTP server 10.1.1.10 should come true bidirectional load balance.5 T2 h# D, r' m7 [, X* H
R24#show ip route1 w, F v" C5 f+ z8 s1 s
D EX 10.1.1.10/32 [170/332800] via 172.16.10.11, 00:07:18, Ethernet0/0" k5 F; H' T$ p+ h& q
[170/332800] via 172.16.10.10, 00:07:18, Ethernet0/0
' H% ~$ G: T" X4 k3 Y; {2 s% C$ yR21#show ip route0 G% Q, w0 ^% W+ [
D 172.16.10.8/29 [90/307200] via 172.16.10.27, 00:02:06, Ethernet1/0
0 D V" b. ]. p* i. j [90/307200] via 172.16.10.21, 00:02:06, Ethernet2/0
( u; N/ u' E6 @# R% T" D7 q+ E3 W//R21和R24的双向负载均衡。解决方法就是第六题的solution17 B3 e4 x* Q8 w5 O+ A; U
8.R3 is IP multicast server, R13 should ping R3 multicast address success.
! R2 d5 ^8 |$ p//既然已经知道R3是multicast server,那么这题思路步骤要按照IP multicast的路径一个一个往下游检查。& `! a- p7 B0 N6 w9 W0 l# v$ N
如果不知道,就从目标一个一个往上游检查,直到检查到multicast server。
6 D8 D/ |; W, \; c multicast的主要命令有:# T, q$ a% ~" {3 B( @' X9 @
ip multicast-routing 激活多播路由,为了防止路由黑洞
9 ~) j( B+ H, {2 p ip pim [sparse | dense | sparse-dense] mode 启用模式
* b4 j5 e K" F9 V, D7 W! {5 a. L7 ~8 I ip pim autorp listener 组播监听3 F# e) U/ N( I8 X4 {
这些命令都是基本的,必不可少的命令。应该在所有路由器上都可以找到
/ ]6 @% g3 Z# QR3#show run | in ip pim2 `' |2 K/ l1 D, T# w6 L% [
ip pim send-rp-announce Loopback0 scope 1 group-list 1: \; o1 m+ b' W; f g# B" P
ip pim send-rp-discovery scope 17 h4 w9 J3 X8 ^' ~
R3#3 U0 p1 r$ s2 e
//pim 跳数限制成1跳,改成16跳。并且查看group-list 1。
3 r5 v, `0 k* s0 A% CR3(config)#ip pim send-rp-announce loopback0 scope 16 group-list 1
" {" B; e9 Q: q! YR3(config)#ip pim send-rp-discovery loopback0 scope 16
Z; M8 S9 {" N+ S3 L, K6 @+ pR3#show access-list
0 g% I" T* ?) S1 V' T8 g. sStandard IP access list 1! |, w3 z6 L7 z% F R* R3 I
10 permit 224.1.1.2' I$ U( v/ }" f3 [# i
R3(config)#no access-list 1
$ i+ [& M: M4 l |6 g( YR3(config)#access-list 1 permit 224.1.1.1
+ r6 }" H6 K6 I. ^R3(config)#$ [ j% d9 ?, V
//题目要求挂的组是224.1.1.1 所以改回来。
7 H" I- n( w3 G: W$ jR3(config)#do show ip pim rp map7 c+ c$ `2 G" `+ q1 o
PIM Group-to-RP Mappings
# o% N; s/ @! H. y5 R% _% oThis system is an RP (Auto-RP)8 V. Q3 _" o8 m, B( w8 j
This system is an RP-mapping agent) Q6 X& W! L2 g R
Group(s) 224.1.1.1/326 R/ P/ n4 M. c! K6 [
RP 10.1.1.3 (?), v2v1' Y* v" w4 @4 B, H. Z
Info source: 10.1.1.3 (?), elected via Auto-RP
_5 z, O$ L( t, O' N" a$ ~ q Uptime: 00:00:45, expires: 00:02:12
+ Q% d; C1 Q) }: ^2 Y1 G% jR3(config)#do show run int lo0
* f; o2 Y8 W6 p3 J4 W) Einterface Loopback0' V& B7 g9 ~ I n* G) u, K
ip address 10.1.1.3 255.255.255.2551 Q f1 O& s3 ]& `8 [* k
ip pim sparse-mode4 e$ U; P* E T$ r6 m k& x
end
) s& A) ?& F1 f, `R3(config)#0 n$ n, {1 `$ a" j9 ~( P7 L4 d5 D q' w
//Loopback0应该加入组,做映射代理。# U7 U' D( B6 y1 g8 p# V' ]
R3(config)#int Loopback0
2 G- y9 V C" M# ~7 H, P5 l% kR3(config-if)#ip igmp join-group 224.1.1.17 H; m, L% C3 w4 p3 b
//从上面的show ip pim rp mapping可以得知:自动RP/ x* `5 V9 {3 @0 m* t2 |
所以所有路由器都应该启用autorp listener- ~2 k9 v" s- z7 U# v
这些就是multicast server的基本配置,接下来往下游逐一检查。
2 u& I& F6 R; F3 k' a; T4 c( SR5#show run | in ip pim
9 Q+ \/ {6 |6 a( W1 Q ip pim sparse-mode
7 I& j& O- c+ H% d: B ip pim sparse-mode; E/ g5 l |) N" ^
ip pim sparse-mode7 t. ~3 s, W ^; x1 i: v5 N) c9 Y
R5#show run | in inter
' @* V1 j. N, g' h5 z% h0 Cinterface Loopback06 x' ^" K3 E0 L. K- _
interface Ethernet0/01 C$ j- ^, Q, P3 f q1 w$ W
interface Ethernet1/0
/ X3 E. F7 S1 \5 X" ^) mR5(config)#ip pim autorp listener7 E' ` I. m: w6 a$ Q! S% K; W! ~
R5(config)#do show ip pim rp map# [- w. |, z! `+ V" ^0 Q$ n& H
PIM Group-to-RP Mappings; Q* P) d" b& z1 V1 M
Group(s) 224.1.1.1/32 |( d, ]6 O3 d4 ]/ ^& ?
RP 10.1.1.3 (?), v2v1
% m' ^% P6 |" E Info source: 10.1.1.3 (?), elected via Auto-RP7 I: h7 T! b/ F# l2 R
Uptime: 00:33:36, expires: 00:02:09
% h. i0 x( G7 }' Z5 G, h4 q4 XR5(config)#do ping 224.1.1.12 f- b% D. Z8 I0 U Z0 w z
Type escape sequence to abort.
! |3 K% m+ k6 b, z; j1 o; eSending 1, 100-byte ICMP Echos to 224.1.1.1, timeout is 2 seconds:6 ]% _/ R& I' Z( _% Z+ O1 a: X
Reply to request 0 from 172.16.15.9, 28 ms
' M8 Q# I( f4 p5 @R5(config)#
) o5 H7 I4 [4 M6 l; \" d. f//R5学习到了映射表,查看R9是否能从R5上学习到。8 ]# ?$ o1 M/ `0 W# ?2 j/ M& v
R9#show run | in ip pim
% s3 N# z: {& Q7 B5 h& G ip pim sparse-mode- o2 C' l+ Y9 B D7 i2 \
ip pim sparse-dense-mode
7 \4 }" ?0 G% X3 \3 x$ X4 G ip pim sparse-dense-mode
* ^ v# m; B+ k. D3 W; F4 b$ c W ip pim sparse-dense-mode2 u5 Z1 N% t1 a% u& h: t9 Z
ip pim sparse-mode
" j. N \8 v+ NR9#show run | in inter
& f0 Y0 ~9 m, A0 N3 _( t; Hinterface Loopback0+ w! C" U$ E, S" u: q2 S
interface Ethernet0/0! O" c# y% [. a* v
interface Ethernet1/0( h$ q4 j* u! b3 V. J! E1 M
interface Ethernet2/0
1 w3 n; C. G$ @6 l4 Rinterface Ethernet3/0$ P1 N+ q) f8 g1 i% G0 }
R9#
. R N8 _& ]1 I/ i' [//把sparse-dense-mode改成sparse-mode,模式必须一直。
/ k+ n' D5 |/ m( Z" M' TR9#show run int e0/0
+ _& c |! R' J( Sinterface Ethernet0/0
" a- y5 N+ E3 u1 p ip address 172.16.14.1 255.255.255.248
) O$ p' x, x7 } ip pim sparse-dense-mode
. ]% Q% R. ~9 I" w, `/ F( l ip ospf authentication message-digest9 N" k: Q. C, q8 j0 I
ip ospf message-digest-key 1 md5 cisco) p+ p% r0 W% j D; [
ip igmp access-group 10
, z! I9 r+ _9 X$ m* \* y half-duplex5 H5 v& [7 v5 N8 z
end6 n, Q* h/ t) v/ A( y" g! j/ \
R9(config)#int e0/0; H) x( H+ I, H4 N5 `
R9(config-if)#ip pim spar# N! S, a; @6 k: V5 B7 e
R9(config-if)#int e1/0
7 {' j' n/ P! a) l' `3 ]R9(config-if)#ip pim spar
9 e. C# n6 j/ V9 ]; M3 TR9(config-if)#int e2/01 e' q2 P) O$ P/ a: Y
R9(config-if)#ip pim spar
% {5 B) e+ N% x: \$ @( w$ bR9(config-if)#do show run | in ip pim+ a2 R/ H; r, o5 p8 q
ip pim sparse-mode% \& e: w; M5 b/ s% K. ^
ip pim sparse-mode
. \$ d- D2 f! ~- ^5 k* H/ L ip pim sparse-mode
" \+ }. k. P1 a7 g ip pim sparse-mode' k" }" Q: M9 E* K% r+ Q2 x( O
ip pim sparse-mode G: o' _( N& A% l
R9(config-if)#" H2 N3 J2 P" V8 W" L
//修改完模式后,是否有留意到端口上有个IGMP访问列表?
/ Z! `' x/ V% a$ b/ W 把访问列表修改成放行,因为访问列表最后默认有一个deny any,所以会阻止下游路由器访问。
2 p' H" P2 n: l; iR9#show access-list3 n8 x& d0 S) `" R
Standard IP access list 10/ p# E* t% z/ S9 I9 H Y& L, y
10 deny 10.1.1.3* D( O. q9 F$ q V: U7 R8 b
R9#conf t
$ d9 _5 G3 x' R' u5 z5 O8 NR9(config)#no access-list 10
" |- g5 ?2 b4 y% \( I$ v' VR9(config)#access-list 10 permit any
# v% A3 q @% X: R1 I, g* wR9(config)#4 a: k4 g5 |# @; B7 a; I5 s' @, w( f
R9(config)#do show access-list
" Y/ H+ z" P i5 m8 h% w7 r& WStandard IP access list 10
4 ~3 s$ o; h* Z; j# j- k6 e 10 permit any7 b1 s" U' P% }, _* W8 Z4 ^2 s
R9(config)#$ n- M+ x. D) w' u8 p! L
//完成后查看mapping1 G) s9 e7 q" z
R9(config-if)#do show ip pim rp map4 ~. o/ _7 w$ h0 }
PIM Group-to-RP Mappings2 b# g9 f& G0 Q
Group(s) 224.1.1.1/32
! {5 N/ L* l6 c RP 10.1.1.3 (?), v2v1
9 M8 J" S5 a3 _. p Info source: 10.1.1.3 (?), elected via Auto-RP( R& a) X0 K0 h R
Uptime: 00:03:29, expires: 00:02:28
# _$ s- X1 P# L2 ?) oR9(config)#do ping 224.1.1.1
, b; ]7 u, u6 n7 L5 vType escape sequence to abort.8 C" u! z2 J% a& l# m5 d
Sending 1, 100-byte ICMP Echos to 224.1.1.1, timeout is 2 seconds:
! T& T3 |0 J3 I3 r8 Q! SReply to request 0 from 172.16.15.9, 80 ms0 f8 `: M& k! l, j4 w+ K' x
R9(config)#9 q& v" t- r: N8 y) f
R9(config)#ip pim autorp listener //记得把这句敲上% F3 w: T, H$ M" [& e7 s0 `/ m# ^
- l* H+ M, W/ p& T. f
R11#show run | in ip pim9 C( S( }" F1 ^
R11# //什么都没有,也就是R11没有启用任何组播。
4 F- j9 ~3 J9 O# z* a$ Y yR11(config)#ip multicast-routing3 M$ d1 Q3 L# d. R1 j G
R11#show run | in int% l! |/ w2 ^' Z
interface Loopback0
/ I1 E u2 V: E! {interface Ethernet0/0
9 U/ F" @! p9 g# b; Cinterface Ethernet1/0
* l& O% @% r1 h7 Pinterface Ethernet2/0! |8 g8 f( @3 t( }/ n+ B6 x' _- O
R11#2 Y1 i x C0 x' V* [) A' r1 `
//在所有的接口上启用2 y! ~6 s4 L6 O* |- j. w! J
0 g7 H; `( A$ d$ [
R11(config)#int lo06 k3 f3 W F+ T, k; C
R11(config-if)#ip pim spar( F' j' r% ~6 C. r/ E5 A
R11(config)#int e0/0. |$ v8 B$ `- X6 H# Q$ V
R11(config-if)#ip pim spar! T) o9 T3 o8 v- Z v
R11(config-if)#int e1/0
0 t/ o: r' m. `2 V$ T0 s4 ER11(config-if)#ip pim spar$ R- E2 q- V" S X: M. ~
R11(config-if)#int e2/0
% K* Y2 l4 C7 s( \' k. f0 X, q1 sR11(config-if)#ip pim spar0 O: u1 _0 \" ~( v( q* w
*Mar 1 01:00:13.527: %PIM-5-DRCHG: DR change from neighbor 0.0.0.0 to 172.16.14.18 on interface Ethernet0/07 D f2 p" g4 ^
*Mar 1 01:00:15.283: %PIM-5-NBRCHG: neighbor 172.16.14.33 UP on interface Ethernet1/0% Z2 t2 f; i- g9 m1 Y
*Mar 1 01:00:17.215: %PIM-5-DRCHG: DR change from neighbor 0.0.0.0 to 172.16.14.34 on interface Ethernet1/0
. }: S! h: \9 D( ]% _7 O! F- Q3 z( S*Mar 1 01:00:19.479: %PIM-5-NBRCHG: neighbor 172.16.14.42 UP on interface Ethernet2/0
" L; F$ D& B1 D2 L+ o" X8 e. F3 z% r*Mar 1 01:00:19.515: %PIM-5-DRCHG: DR change from neighbor 0.0.0.0 to 172.16.14.42 on interface Ethernet2/0
( `# _3 `+ P; `& r5 v/ y# G*Mar 1 00:59:10.463: %PIM-5-DRCHG: DR change from neighbor 0.0.0.0 to 10.1.1.11 on interface Loopback08 d4 B# j' q( X6 z) m5 G' i
R11(config)#ip pim autorp listener" _! b9 ~& O: f$ y
R11(config)#do show ip pim rp map
8 M3 A% Z8 j' Z/ [$ KPIM Group-to-RP Mappings
- C# I' A: k A) A0 ]& a( mGroup(s) 224.1.1.1/32# A$ c' s; Y9 ]! Q k5 @3 p+ j. A. s4 j
RP 10.1.1.3 (?), v2v1
, k$ \- j! m' w2 j% F Info source: 10.1.1.3 (?), elected via Auto-RP
9 }8 ^& v7 @3 e( d% p$ ~0 V4 S Uptime: 00:00:32, expires: 00:02:268 H! i$ T: A0 `+ T+ i
R11(config)#do ping 224.1.1.1
5 [. \2 m" d( i! K0 n9 ]5 W3 cType escape sequence to abort.
) |. R7 G0 R0 o5 A# t! Z3 H6 dSending 1, 100-byte ICMP Echos to 224.1.1.1, timeout is 2 seconds:
9 u" i) M- o6 N, GReply to request 0 from 172.16.15.9, 152 ms% L9 _# V) {0 b
Reply to request 0 from 172.16.15.9, 152 ms1 G% F3 R; g1 r+ M
R11(config)#
; r; h, [1 b, r! L//此时R11已经学习到下一跳为R3的组播信息。
# u$ m7 K/ v. T1 p% pR13(config)#ip pim autorp listener
7 G! ?: u" i. a' `# W7 ^8 mR13(config-if)#do show ip pim rp map
8 Q0 i" P3 b7 {7 vPIM Group-to-RP Mappings2 ~ K: D9 _) K/ J
Group(s) 224.1.1.1/32! v- h( T/ {8 h, j2 b8 e# c
RP 10.1.1.3 (?), v2v1
2 S1 i% a* @( N" X+ N Info source: 10.1.1.3 (?), elected via Auto-RP$ e% i, p) y6 i
Uptime: 00:01:25, expires: 00:02:33
$ }2 v/ }1 Q- R, @R13(config-if)#do ping 224.1.1.1
9 F3 a3 N% `9 Z* GType escape sequence to abort.
3 ~: R$ @% p" X7 DSending 1, 100-byte ICMP Echos to 224.1.1.1, timeout is 2 seconds:
2 q: ?$ A6 U. S4 [Reply to request 0 from 172.16.15.9, 112 ms
( u9 V6 T- f4 m' XReply to request 0 from 172.16.15.9, 200 ms1 m, r9 b5 E7 N2 y: A5 R/ A) f
R13(config-if)#
9 Z7 _$ ], c5 v7 b6 a. e9.R13 just use loopback Send trap to NMS 10.1.1.4 when R13 s0/0 down.
2 H7 E5 [. R, W# F* b R13的s0/0上有no snmp-server trap link-state
" v) y R6 Z- w/ Y% k; f7 m& f 改成:snmp-server trap link-state
' W0 ?7 d/ l! k4 s+ L# j4 S9 H( ]' R5 ~R13#show snmp
% X! A+ o; m3 zSNMP logging: enabled. R! s+ j5 e" v$ L
Logging to 10.1.1.4.162, 0/10, 15 sent, 0 dropped.
% N+ l; B0 }2 ~" c' f G" rR13#show run | in snmp
/ N6 d5 J" L4 {, \snmp-server community cisco RO9 R0 i. s0 O, C* D
snmp-server trap link ietf8 k) r4 z1 F: i3 `
snmp-server trap-timeout 100+ ~4 O5 _6 g: B9 n2 T) c+ J* a
snmp-server enable traps snmp linkdown linkup1 t2 c' r* a: [% i; Z
snmp-server host 10.1.1.4 cisco snmp //如果没有这个命令,debug就无法出信息8 Y' o } g( G0 `* _* a5 y5 o
R13#0 e; I G6 p/ P5 L! t1 u
R13(config-if)#do show run int s0/08 B' i1 E& \) j5 V) Z \
interface Serial0/0
! j) _' D; F% V7 l/ L9 O no snmp trap link-status & m7 I5 V6 C$ X1 j8 Z4 Q/ \
end* L2 z& b- L6 h; Q
R13(config-if)#snmp trap link-status
% S6 R- E8 ]4 |! y: r$ ~, GR13(config)#snmp-server trap-source loopback 0
8 U- e, z _5 G/ M. \- n5 [( [R13(config-if)#do show snmp/ }. z- J7 U) |8 L
SNMP logging: enabled8 G9 X% L4 ]9 h( I0 }3 C3 D/ W
Logging to 10.1.1.4.162, 0/10, 17 sent, 0 dropped.& C7 n. H/ \/ F' u3 ] m2 Y& ^+ z
//debug snmp packets,开启这个命令后,然后把端口shutdown也可以看到效果。
% H$ C7 G' R+ k; Q* \$ b# @# `+ d…………; m8 Q4 T: q- w# C7 Y
ifIndex.5 = 5
$ `: J2 ~% g' l ifAdminStatus.5 = 2 1 b. [( x. E+ y/ n; F$ b& D8 s% A7 f
ifOperStatus.5 = 2 ! p9 `1 u% X6 C3 U+ ^, E
ifDescr.5 = Serial1/0
! y' d7 s8 f3 j0 @2 P3 Q% t ifType.5 = 32
7 u' d; _' R, F! F6 [1 S lifEntry.20.5 = administratively down
8 M$ |3 h. j) k# A" K//最后记得把端口重新打开
S: [& v8 a( t' I5 x10.The question with R13 & R5 roll tunnel.# n/ l% z) F' \5 J9 b6 K ~4 C
*Mar 1 01:54:26.675: %TUN-5-RECURDOWN: Tunnel0 temporarily disabled due to recursive routing
$ Q8 N$ _, a0 d5 d( m*Mar 1 01:54:27.675: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel0, changed state to down% e: v4 Z& a- y+ e0 t
R5#show ip route. p' L8 U5 F1 K3 E( K9 a+ }9 i; M6 @$ U0 X
O 10.1.1.13 [110/31] via 172.16.14.1, 00:00:22, Ethernet1/0
( Y/ F3 A' n' `R5#show ip route b9 @+ v* @* k3 j( A. F4 ]7 U
S 10.1.1.13 [1/0] via 135.0.0.13
) e9 \: k4 D/ g0 l- a, p//Tunnel翻滚,在UP的情况下,R5和R13是通过静态路由连接。, l+ E, U" ]* V0 b8 f7 `
在DOWN的情况下,R5和R13是通过OSPF连接。
: h/ {+ }, b8 r+ E) p- q4 a, [7 C, ?& u
R5(config)#do show ip int br
& p/ i0 Y4 `' _- C# F" k4 O' z, `Interface IP-Address OK? Method Status Protocol
: p$ W3 v4 W3 g1 p4 y2 Z) d" t) QLoopback0 10.1.1.5 YES NVRAM up up
) ~+ _' A4 I3 V7 `0 ]; T- vTunnel0 135.0.0.5 YES NVRAM up down
? ?2 k0 F2 w! M6 m+ B5 e. o' e& eR5(config)#do show run int Tunnel08 X' r7 l/ n9 Z4 W$ ]( U t
interface Tunnel0
+ d# R J- J' {, v7 X: I ip address 135.0.0.5 255.255.255.0, Z, z( ]. Z3 L* ^
tunnel source Loopback0
r- p. v+ }- V8 o5 @& S0 G tunnel destination 10.1.1.13+ x2 V Z K' t2 R
end
8 r: z3 ~$ \3 WR5(config)#& \# n1 [6 {0 |9 ^' \
R13#show ip int br
0 V0 r, w6 H: C6 N! [# yInterface IP-Address OK? Method Status Protocol1 r" r( V% T' M" v' r9 X
Loopback0 10.1.1.13 YES NVRAM up up * D0 t5 N" ?( l( X# M8 j6 G
Tunnel0 135.0.0.13 YES NVRAM up down/ V7 W* h& z/ m" U. m- c; F) J
R13#show run int Tunnel01 S6 b4 Z$ J4 C! C6 \7 H4 s
interface Tunnel08 ]9 t& X( d, y3 A+ b ~5 \
ip address 135.0.0.13 255.255.255.0
: y6 B) z/ k* p tunnel source 10.1.1.13& a8 ^- ^$ F4 r! U
tunnel destination 10.1.1.5# X- l" h& U# G" r* Q
end
6 f& @" Q) s. T- vR13#
3 g. a" X& a3 B7 ^- K( _//方法一:直接把静态路由去掉,R13和R5的路由信息会通过OSPF来发送。2 ^ Q4 {2 {# G' g
R13#show run | in ip route
( R9 D# Z) @! N! w0 k, N2 L7 t2 gip route 10.1.1.5 255.255.255.255 135.0.0.5% v# o8 W/ Z' M8 v0 }
R13(config)#no ip route 10.1.1.5 255.255.255.255 135.0.0.57 p2 S5 Y" I" J$ m, }
R5(config)#do show run | in ip route5 Z8 p' G, p. M+ k# e# Y/ L
ip route 10.1.1.13 255.255.255.255 135.0.0.13/ M" E, C; T8 p- S) f6 O$ U6 H; X
R5(config)#no ip route 10.1.1.13 255.255.255.255 135.0.0.13% c" [" c% o% [: Z
R13(config-if)#do show ip route
0 p, L: G& c2 ]( O5 ]5 uO IA 10.1.1.5 [110/31] via 172.16.14.41, 00:01:35, Ethernet1/0
- `/ H2 G7 I% ?" y5 M" |( H 135.0.0.0/24 is subnetted, 1 subnets1 d( M9 m4 j$ E: G- u9 T
C 135.0.0.0 is directly connected, Tunnel0) E+ r& e4 x+ T$ A5 U3 R
R5(config-if)#do show ip route' J. y/ g: @' m1 A [, V
O 10.1.1.13 [110/31] via 172.16.14.1, 00:01:38, Ethernet1/0
2 y* ]7 b! |; T) t 135.0.0.0/24 is subnetted, 1 subnets
1 |2 j& _0 k6 A4 AC 135.0.0.0 is directly connected, Tunnel08 X. s! x- A& K7 i( h* f" R
, t0 _! t( J, W+ k& T, O//方法二:把静态路由的下一跳改成下一跳物理接口,R13和R5的信息会通过静态路由发送。/ A/ b2 W' k8 w- N- B4 z
R5(config)#do show run | in ip route& t7 R7 ?4 K" j4 [) R- Y7 N
ip route 10.1.1.13 255.255.255.255 135.0.0.13
6 K8 w/ z r, a' eR5(config)#no ip route 10.1.1.13 255.255.255.255 135.0.0.13
5 I* L- | O0 o- h8 ]R5(config)# ip route 10.1.1.13 255.255.255.255 172.16.14.1
2 t4 T7 |% K5 r2 U5 F) ^+ M& U; V*Mar 1 00:05:36.603: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel0, changed state to up
2 b/ B/ T! x$ \- u5 j, l( j
. |* v o4 M4 o5 b' q( L* nR13(config)#no ip route 10.1.1.5 255.255.255.255 135.0.0.5! t' N' O- O: G* I9 o
R13(config)#no ip route 10.1.1.5 255.255.255.255 172.16.14.41
" \! s& y: \1 S& f*Mar 1 00:05:46.439: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel0, changed state to up L' N2 B( ~, [( _
R13(config)# ip route 10.1.1.5 255.255.255.255 172.16.14.41
* i9 [6 _: z9 v9 O: iR15(config)#do show ip route
( \; n# j7 U; U4 }- ] R/ `, KS 10.1.1.13 [1/0] via 172.16.14.13 x% x, N+ L8 a. p
135.0.0.0/24 is subnetted, 1 subnets
9 u6 J! b8 _/ l4 r) o. O+ I1 @C 135.0.0.0 is directly connected, Tunnel0
6 _: y7 X, j+ P8 h4 R1 xR13(config)#do show ip route. R& q, c+ {. |& d
S 10.1.1.5 [1/0] via 172.16.14.41
* H& u0 c' G& ?' M$ d 135.0.0.0/24 is subnetted, 1 subnets1 ^; V- a& i( u. d+ {
C 135.0.0.0 is directly connected, Tunnel0+ l( {3 I7 T( L c6 i3 m
//战报说如果该下一跳物理接口,则需要在R5上重发布静态路由。7 J3 n# C% q- Z0 U- O
但是我不知道为什么我做不出这个问题。# F& Q$ Q$ h8 l1 ~9 h2 t9 X
考试的时候看题目需求来做,如果题目明确说明不能去掉静态路由,则不要删除。
0 D& V4 |2 s- D: z# j" Q# C: N4 A" A* ]& _9 a2 W" E
) b* {" h3 @# Q( N! c
4 l3 I( O, ~* J$ ~# a
- N1 c" v( g$ [
* @" S: g3 E6 L# a& F( u4 B' d- b9 L i( ]
$ P" o+ p) j2 H9 |
4 ~. V- E" U+ N( u+ M
* m& }2 h0 [9 d& x7 U' F" y7 T2 S |
评分
-
查看全部评分
|
简体中文
英语
日语
韩语
法语
西班牙语
越南语
泰语
阿拉伯语
俄语
葡萄牙语
德语
意大利语
希腊语
荷兰语
波兰语
保加利亚语
爱沙尼亚语
丹麦语
芬兰语
捷克语
罗马尼亚语
斯洛文尼亚语
瑞典语
匈牙利语
繁体中文
文言文
发表于 2011-8-25 11:52:19
置顶卡
喧嚣卡
变色卡
千斤顶
成长值: 63400
发表于 2011-8-25 14:06:43
