这是据说的K8详细配置,拓扑是其他人传的那种!+ I# t0 g2 L) a/ {7 H8 H
有没有谁能给个确定的答案,能否确定K8真的出来了? # `7 m1 F7 X& K) L- L* J Q
% ~3 p# A8 @0 E* R
Section 1 - Layer 2
; \. E- f6 R U3 u3 `& E
( w2 \. y0 Q: L- U3 i----------------------------------0 t0 B$ ?0 V7 W4 j$ C( s; _1 J
1.1 Troubleshoot Layer 2 Switching
" b7 e9 T7 q5 i1 U* c! W----------------------------------
8 S' |1 t( W0 d# R# ?Cisco says that there are two faults injected. Each fault will give you 2 points. The whole Lab had 78 points to get, so you must have 62 points in order to be over 80%.5 H- ^: C" A+ F2 d
% v& C- j5 p) I2 X- VTP password about sw2,3,4 with sw1 mismatch
1 V' G2 m) d8 Q6 I- no ip cef on some routers (not sure if that is a fault)" V- N1 W. h: O, p
5 B' Q9 k: g4 T-----------------------------------------------------
: O! H) D* s7 X2 L3 C6 _1.2 Implement Access Switch Ports of Switched Network' {* R) H. z+ @* K2 P( |$ Z1 s
-----------------------------------------------------6 Z8 L0 h# y$ [. K1 j9 l/ a
Configure all of the appropriate non-trunking switch ports on SW1 – SW4 according to the following
6 C$ k1 q" d8 f1 t' y
2 v L q7 e( c/ [7 g' d- SW1 is the server for the VLAN Trunking Protocol version 2 domain "CCIE" (VTP password "cisco" )
; U3 L, D# ]2 V; T1 U- SW2, SW3, SW4 are expecting SW1 update their VLAN database when needed' j) K0 {; m# `$ ]5 j
- Configure the VLAN ID and Name according to the table below (case sensitive)
, k* B: h* H6 a- Configure the access ports for each VLAN as per the diagram
$ _; O& \. U# L( z$ b9 u- Configure all the Switch mode are Transparent after synchronization the VLAN database.2 t& v% R9 n" ?4 \, J
3 Z$ Q5 S' i/ l" f! k( o
VLAN_ID NAME
( N: n# h5 M9 r* \ I( T( g8 d0 U& A28 VLAN_28_R2toSW37 H5 U; o5 i* x# Y* J/ Q5 c# f
36 VLAN_36_R3toSW13 @7 W$ z/ f+ ~, \( e* o) K" r
69 VLAN_69_SW1toSW4
4 a" k5 \2 i& D3 _) [89 VLAN_89_SW3toSW45 {& H A5 Z3 W/ k
500 VLAN_500_Client5 H! z/ P& [- P
/ r- Q9 I, x0 x- y" ~1 c1 ]. O; }
--------------------------------------------------------------------------------------------------------------
0 O5 I0 A& s7 t1.3 Spanning-Tree Domains for Switched Network Configure the switches according to the following requirements:5 |6 u& t! J- q5 W, ]( n0 x' [, `
--------------------------------------------------------------------------------------------------------------6 {3 h9 z8 ?7 G3 O! S) W
4 K) k9 d- a: Z- Both switches must have one instance per vlan.. }& Z; h" g! H' {9 m
- Ensure that SW1 is the Root Switch, and SW2 the Backup Switch for all vlans(obtain the future vlan) - Configure instance per vlan and rapid transition for forwarding
7 L' m2 p5 O9 P$ Y+ t+ F/ O% Z5 E" p3 w7 F, x3 s
-------------------------------------0 S0 ]: X& `7 p0 ~
1.4 Switch Trunking and Ether Channel
1 I* A: f; x; `) ]! @4 A- G/ J-------------------------------------+ {& G, }4 {& v6 S* e
Use the following requirements to configure the Etherchannel of SW1, SW2, SW3 and SW4:
8 E- `2 N7 A* A9 {" M/ u
1 U5 u8 T, y* C3 N- Use encapsulation 802.1q for all cross interface
' a' n+ _0 h( R& x5 T$ W- Configure Etherchannel use the 802.3ad standard
2 R) S* D& H% Y. r% A3 m! H4 N- _+ l1 ]
3 N* k8 T8 p8 L6 v) u2 g; k& ?-------------------------------------; j2 \4 D1 A) s9 p5 \9 C
1.5 Frame-relay configuration- k7 l5 v) G: `' x
-------------------------------------4 W& {" [9 z' K: ], B+ ]
- Back to back frame-relay between router R5 and R1 and R1 and R48 ]4 D) [* W; i
- R1 use the sub-interface connect to R4
$ y% b6 x4 {% R# [* C& `. g; g X3 F
3 A4 |* x# b8 e0 p) a- \$ iSection 2 - Layer 3
* @5 Q3 r% b& }6 g9 a( W--------------------------------( J J0 F" [8 f f
2.1 Implement IPv4 OSPF
' O/ i7 U/ U& K( i5 l1 V" j y--------------------------------7 Z2 y1 K! x" X& V1 A
- OSPF process ID must be used the YY number ] g# v i: @, |
- Router ID must be stable and must be configed using the IP Address of Lo0
7 O; P: \( }; R8 ?1 r0 x. h- Lo0 interfaces must be advertised in the OSPF area as shown in the IGP topology diagram and must appear as /32 routes
8 f* h5 d# v( t: q6 N1 A- Do not create any additional OSPF areas. Do not use any IP address not listed in the diagram
; F2 v" ]" A1 k2 R& z2 r5 f1 G
, V& J) Y: S! U- E/ E* S--------------------------" g5 D6 u' p/ A
2.2 – Implement IPv4 EIGRP
R A. U. o! e1 a* O--------------------------
9 U1 ~) @( q. `6 k9 |
+ q5 d9 {3 h2 l5 t# X9 A! F) ]* |Configure Enhanced Interior Gateway Routing Protocol (EIGRP) 100 on SW3 and SW4 in order to establish EIGRP neighbor with Backbone 3 in the IGP topology diagram.# ]( [) u/ Q/ \1 e
- BB3 has IP address 150.3.YY.254 and is using AS number 1002 n1 t2 b1 U2 N0 n7 t
- R1,R2,R4,R5,SW3 configure the EIGRP AS YY to build the IGP part' d z( S. ~5 V$ R. _; [$ \- U
- Disable auto-summary. @- k) B0 c+ T$ j
& t. ?$ y* B* @* F; H--------------------------; }3 c7 m4 ?$ p# U. A
2.3 – Implement IPv4 RIP3 r$ g. W M& L9 [
--------------------------5 ]" ]* e$ c) O. _# l7 t
* j& K0 H' G; i/ ~2 v ^0 W: K- Configure RIP on SW1 and SW3 8 J8 [7 H9 ]* `1 g8 C" j% s
- Disable auto-summary6 ~' @3 }; D. ^2 h; b$ c9 n d3 z
1 A3 o2 {& s" |) Y; Q+ N
------------------------------- Redistribute EIGRP into RIP: I/ r; i0 a: a6 v) x( g7 N
------------------------------
$ _. L! d" H# f" W M3 d/ w c' e-Redistribute EIGRP 100 into RIP on SW1 and SW3
8 t0 A8 U5 y1 S# [& D- c% |5 n p$ @2 R* L5 o2 M* L
--------------------------------! @! w) e( }, v, P# E( `0 I
2.5 Redistribute EIGRP into OSPF
+ {4 r+ d8 s% e1 D2 _$ }: j' a# O--------------------------------
: i* ^ O: c/ P% C8 {* c4 S& z' G0 W- Redistribute EIGRP into OSPF./ s4 V9 Z. M" N; A3 {- ^0 c
5 K0 V2 Q9 \1 g--------------------------------1 s% ?2 E& P- C; M
2.6 Redistribute OSPF into RIP6 q$ i! j! X; k) g) ^
--------------------------------1 U! `7 D0 d* p* G4 \
- Redistribute OSPF into RIP
2 b+ N* I+ e2 F* h0 K- Do not redistribute RIP into OSPF% w9 X4 v+ \" p* B
- Area 0 prefix was a IA route and wasn’t allowed to go into any area existing# _: p! Z% d+ u& v( d+ k1 B: _
+ P; p2 p( [ G) x+ ]
----------------------
( g5 o: k7 r. l. m2.7 Implement IPv4 iBGP
4 Q1 }- f* u0 I----------------------3 E8 I' {; \4 w: P3 m6 S6 C8 ]( L5 E
-Configure iBGP peering for R1, R2, R3, R4, R5, SW1,SW2 as per the following requirement.! j. C4 P* k' G2 Z: f( ^$ p
- Minimize number of BGP peering sessions and all BGP speakers in AS YY except R1 must have only one iBGP peer/ ? O$ Q# V+ G! C0 E- m2 ]
- R1 is the only one allowed to start the tcp connection for the BGP neighbor
* R" R" m& j0 T2 `2 R, [: Y; `-SW4 is AS 144, peering with SW1 and SW3
" W" ]7 M/ a+ a) _0 e, l3 }
- Y# t2 f0 p# p/ j- A9 ^" C* p% |, a, U----------------------
4 Z1 U- d1 C1 j H1 w2.7 Implement IPv4 eBGP
( B7 B3 b( G; y" }9 O----------------------
3 `: z# s% u* s' I5 O1 E-BB1 and BB2 are AS 254,peering with R4 and R5
2 a6 i; F6 J# P0 n: S-BB1 and BB2 are advertising the same routes with different AS Path.4 o8 v& O( W9 J) B# o8 x) o
-SW4 should see 2 equal paths to the AS 254 routes.
+ o0 S$ S9 A, V& {2 Y-Sw4 should load-share and have to paths to the backbones which are placed beneath r5 and r4 on your topology 8 ^. H3 L! g: ~7 ]3 n. u
-Sw3 should load balance between R1 and R2 on your topology all though Sw2
, L' B6 k2 g7 j" `1 i
! W: y! F1 m9 x8 w* q6 r' Q0 B: GConfigure BGP as per diagram* Y5 o3 q5 O7 U( p7 c
9 @9 V! y8 Q4 K$ A" E" D- When you done the BGP neighbor , you should implement all your address should be reachable from any device, except SW2
( Z( V$ e, Q/ I: s( t7 |: e2 r8 B. ~# D: @) i
8 w% H3 s% I' V' M% J- S----------------------" O2 `1 v3 c `( M# d
2.8 Implement MPLS VPN9 `) T# ^5 c6 V! u
----------------------
0 O; n4 u% K! T" j3 K- Sw2 with two loopbacks connected to r3 and r2 on two different VRF
! t4 B2 W6 B$ E" q4 {- SW2 and R3 stay in CE1 area ,and SW2 use another interface with R2 stay in CE2 area
/ \3 {( u8 E6 _4 n; E9 T- R2 and R3 are PE devices , run the BGP and vpnv4 and mpls4 u8 I Y( j4 q: ~6 ?( J
- R1,R4,R5 are P devices, transport the traffic in mpls area
' R/ i) E" a7 [8 E- R2 and R3 should go through R5 when they start the traffic.
2 ?! H: n$ @! z- Use the standard protocol to transport the label in MPLS area
7 V: F- P5 P( t3 A) v6 v7 p- Need to enable LDP on all serial interfaces only.( s: y( ?/ V* G1 w( b s+ ^
- Mpls must use stable update source
, F$ V" q5 S5 s; |2 d- Sw2 must have two different routing instances in the global one only l0 should be seen" }# o% g# u/ C9 i( h
) @ \8 T6 X5 e; ]1 j. c* z' x5 Q$ q
----------------------
! \0 V, x4 ~# [0 p4 J1 x; p4 F7 s2.9 Implement IPv6 EIGRP# D4 |/ g- v6 ?# ]1 b: P, w4 D
----------------------
6 a/ X6 e) F$ ?: |+ y-use the EIGRP to make the ipv6 neighbor6 K3 t V h4 J2 r* ?# j
- You must ping success for every ipv6 address . e% n- c2 {6 \7 W' L* f3 i
& s$ ]1 `/ e1 _1 U' u6 H3 p
2 w3 n% c8 _8 F
Section 3 – Mulitcast
, e0 C9 Q9 d' b9 R+ R2 N$ G& ]; u7 h' ?8 R
----------------------
/ l# \9 v/ A8 G- K& Y) Y3.1 Implement multicast part 1
t8 a) y0 i1 |! T# t: s----------------------
- X" Y0 D! G, G# [- There has a client located on the link between R4 and R5
: u+ q5 D5 N+ I, `- Need to create Loopback 1 on R1 and R2 as RP address
6 Z: i8 ~- T# `# e1 n. [* Q- Both Loopbacks with same IP address. " h+ D& O- b {1 j0 Z
- Use the standard RP-select method $ o8 L! ~; m5 X! b7 I0 ~
) T. L3 X3 s$ |6 c
----------------------- Implement multicast part 2
" {+ J' m/ Z4 X2 r7 K
----------------------$ B' x9 y* G; }5 }9 H$ j
-Some router must be the source , and can be get the reply from the client% Q4 S( u& A9 t1 l
/ ~/ F# S' v4 z9 \% k* e! \
Section 4 – Feature
+ a- w9 f* U" y
0 a% x, @( m1 _: `0 Y @----------------------- Implement Gateway load balance protocol
6 ^7 E6 S; [+ ^; L. y* I
----------------------
& [& ^" r7 L$ O, m' D# M- SW1 and SW3 use the cisco proprietary protocol to implement the hot switch-over
3 q* X: k2 S+ ]" p. c) Y0 m# M- Use GLBP to achieve the request. E& p. v$ e* \; \% U
- Both two devices use the MD5 Auth to keep the GLBP safe" V8 B) k0 l; y [1 w; o" v, c
- One of them increase the weight to become the AVG ,the other device is AVF7 b+ {, w1 Z3 L, P! n8 j% O
B" \/ s6 z/ @0 c9 b; Z, c----------------------- Implement Layer-2 switchport security3 |8 ~* ]! i9 o6 k: v
----------------------
, l: q; S$ {$ Y% G$ o0 x% k- Switch-port protected, not allowed to use private vlans. Should use port security to dynamicly add mac add to the configuration. - Five users connect to Vlan 500 ( SW2)
6 I1 k: r7 X! q6 q- These users will connect from SW4 ( Fa0/1 - 5).
9 o* L! h1 }- h- This ports should move to forwarding quick.
( l! \: \' f q- These ports should be protected and mac address learn dynamically.: h, H3 o y' h$ h1 I4 Q6 R$ Y, N6 B
- Shut down the ports if violation occurs.
. R$ ]: t5 T; i) b( R----------------------- Implement SSH) I$ x: |& Z' S& N. N
----------------------$ d: S% ]% ]+ l O
- To keep the VTY line security ,you must implement the SSH to ensure the line safe
( X, r) s- N. v" `5 u' v- Two users connect via ssh will go directly to enable mode
. s4 n% u) J8 t/ t5 x2 w- It is not allowed to cause line con 0 a user prompt when trying to login6 p* |8 d' N& `
- Using only one single extended acl.
1 S; z. a( y4 b. e& }
: T( v& s2 {1 x9 [% k9 E2 P& R! ]----------------------- Implement Mpls QoS
) f# h3 J$ i+ n5 \* E& @2 G8 {
----------------------: x7 b6 Z8 @1 p
- policy maps to match different type of qos in mpls is predefined. they just want you to do stuff with it like preserve bandwidth and such.
6 j5 t( U$ Q4 V3 B9 e# x1 Y. s+ m w) u3 K
----------------------- Implement PBR; q: o+ l; k1 L% ?; f" k5 |0 T' I
----------------------
, m5 z& h1 j" w$ S! \- Create Lo100 on SW3
: Y. v7 k' i: R& m, p" _3 l$ H$ r- Create Lo100 on R5: h0 o5 |* e( j
-All traffic sourced from SW3 Lo100 destined to R5 Lo100 ( and only this traffic) needs to so via interface between SW3 and R1.1 G/ j/ y! I/ r. g% i' q3 c/ D7 h
-The rest should load balance.
" r* b U Z6 i2 @-Use the policy-map and route-map to implement
- G2 J! `7 A" n* _" ^7 w# a8 C3 ~4 J) G5 V! O. W
Section 5 – Network optimize h1 m( N+ S* O) _+ L5 W
+ }8 ^5 t2 Y0 y3 k
----------------------4 F) e+ L6 B* C8 U2 ^2 V2 v
5.1 Implement SNMP
' H. ~, O. [) @* |' [----------------------6 U& _8 a8 t5 G7 r
-Rite the configuration to configuration log and something about saving the last 10 lines1 d* {8 E6 H) q
; e: C6 a; s% z3 [: N: C
----------------------
2 }3 q q) m6 W& e5.2 Implement EEM' h5 P5 p, W# G* `) ]3 ?
----------------------
' p7 a+ S; c9 {1 r5 t-The administer ask you implement a simple script on R3! D/ M3 W6 P* r( G; a( H
-Need to match " %SYS-5-RELOAD: ", then do a shut / no shut to gigabit interfaces.! {$ _. y, m) V- H5 {* F4 J
: [5 J- e1 }' v8 E: O) u& Z! E+ v
|
简体中文
英语
日语
韩语
法语
西班牙语
越南语
泰语
阿拉伯语
俄语
葡萄牙语
德语
意大利语
希腊语
荷兰语
波兰语
保加利亚语
爱沙尼亚语
丹麦语
芬兰语
捷克语
罗马尼亚语
斯洛文尼亚语
瑞典语
匈牙利语
繁体中文
文言文
[复制链接]
成长值: 58540
发表于 2013-4-15 11:34:54
置顶卡
喧嚣卡
变色卡
千斤顶
