这是据说的K8详细配置,拓扑是其他人传的那种!) o/ x$ N& k& N: l5 b. p2 q$ l
有没有谁能给个确定的答案,能否确定K8真的出来了?
* }7 j+ V* a$ t. T
2 M* J8 J' Y0 n: A& i7 NSection 1 - Layer 2) s+ g3 a" z$ H( \/ V
0 Q# g, d3 p3 T& A
----------------------------------5 t" |& ~0 I5 T, `+ Z7 ^
1.1 Troubleshoot Layer 2 Switching" J/ t h3 }( w6 u0 i- e* p4 W
----------------------------------
! k7 U2 ~1 T5 g* |- F5 B' Z7 B: A8 iCisco says that there are two faults injected. Each fault will give you 2 points. The whole Lab had 78 points to get, so you must have 62 points in order to be over 80%.
, t" _( m. R" I% ~( T* |0 `6 O. E
5 A5 P1 v+ g1 R- VTP password about sw2,3,4 with sw1 mismatch
8 g3 ~7 l, s" o! t/ @- no ip cef on some routers (not sure if that is a fault): T. y N5 [2 D, o5 J5 W
+ z+ \6 ?1 o4 q
-----------------------------------------------------7 I1 n4 D+ P) {' ]/ H1 Y C3 v
1.2 Implement Access Switch Ports of Switched Network3 |; @! l( z& U# N2 [4 X$ ~* E
-----------------------------------------------------
- M5 q- k5 g C! W' B% G5 R& h; ~; ]8 M9 YConfigure all of the appropriate non-trunking switch ports on SW1 – SW4 according to the following
* z7 S, r( S4 J; ~8 [- Q
5 Z: ~% K' U3 T% C) k- SW1 is the server for the VLAN Trunking Protocol version 2 domain "CCIE" (VTP password "cisco" )
9 ?, y) C5 I3 u- SW2, SW3, SW4 are expecting SW1 update their VLAN database when needed
# u4 t, b" I. `9 M4 n- Configure the VLAN ID and Name according to the table below (case sensitive)3 _2 [ d" v- S A
- Configure the access ports for each VLAN as per the diagram$ Y+ _( k `+ d- F5 V5 ]0 m
- Configure all the Switch mode are Transparent after synchronization the VLAN database.
) w) S- k7 p. q7 s+ G( ]/ m+ n% x% ~ W4 C1 C
VLAN_ID NAME
7 v& v% \. f8 s5 i28 VLAN_28_R2toSW3
2 _$ B5 Q' i$ j1 W& P36 VLAN_36_R3toSW1
: G) B6 x: V9 G69 VLAN_69_SW1toSW4: ?0 N% z4 H% G/ @0 a j. U) s
89 VLAN_89_SW3toSW4
! ?7 k$ P# E* U$ w* V1 @* \500 VLAN_500_Client
, t; G) Q% }& P. I; u2 t; G9 }3 C; ?' A( Q
--------------------------------------------------------------------------------------------------------------
' j9 p; e9 x8 \; J( ~# }1.3 Spanning-Tree Domains for Switched Network Configure the switches according to the following requirements:$ a* R7 } F& ~, B1 O7 z2 o0 K
--------------------------------------------------------------------------------------------------------------7 A5 y& [9 `0 R# n0 R# |, n( _8 a
* ?) |) d* n3 ], U/ ]; D2 q- Both switches must have one instance per vlan.& r0 h& x2 g' x8 O& k! L$ F
- Ensure that SW1 is the Root Switch, and SW2 the Backup Switch for all vlans(obtain the future vlan) - Configure instance per vlan and rapid transition for forwarding
7 j% F! l1 M+ d/ n ]) i+ ~8 v: L, G7 ^# }: P; h. l7 W7 z% i
-------------------------------------7 }: C9 }1 l" A2 q
1.4 Switch Trunking and Ether Channel' G8 a, b- n3 G) X4 L( C
-------------------------------------% g5 @# d9 d8 M# q" ]
Use the following requirements to configure the Etherchannel of SW1, SW2, SW3 and SW4:
8 W6 y/ `; ?+ E& X/ @1 X. [6 \
3 G- k. _2 B5 |; s3 s- Use encapsulation 802.1q for all cross interface
$ R: H1 ?/ V! g: e+ d- Configure Etherchannel use the 802.3ad standard
4 [! `1 i: M# `9 I$ K% }
f6 N9 G( \: l, U-------------------------------------
+ L0 x/ c$ d4 H7 N3 s. z4 Y+ H1.5 Frame-relay configuration
# l4 y3 [$ A6 d; O+ q! K' V. r-------------------------------------( K) `6 x# @9 X7 X2 N' X
- Back to back frame-relay between router R5 and R1 and R1 and R4
3 ?! Z6 \8 ~- L7 M/ Q+ y+ Z - R1 use the sub-interface connect to R4; @/ x$ k! m' }+ S7 }4 q
8 N" c7 _! w- |Section 2 - Layer 3/ u B* q- I# v- T; q
--------------------------------
! \. U3 J3 R6 ~: p0 `, y2.1 Implement IPv4 OSPF/ |6 ^) y3 i5 {+ _; }2 b7 r
--------------------------------6 V. R$ s7 B+ d# ~6 m) i" {
- OSPF process ID must be used the YY number
' w- Q6 I( C" ?( g# b6 f! p- Router ID must be stable and must be configed using the IP Address of Lo0' n z+ e! S; i3 c2 C- p" ]
- Lo0 interfaces must be advertised in the OSPF area as shown in the IGP topology diagram and must appear as /32 routes
1 ~" z0 \) H) K9 d- c/ ~* H6 g8 f- Do not create any additional OSPF areas. Do not use any IP address not listed in the diagram
: A8 N& ]( A8 n+ m; O& _& |
* \: u4 p# v: g/ [$ p5 Y--------------------------, E# g5 S" b$ {8 R% X
2.2 – Implement IPv4 EIGRP/ \) W. ?7 d+ n: B7 v/ e
--------------------------
) m; K E) d9 w& \$ O
, \1 J# Z* l0 lConfigure Enhanced Interior Gateway Routing Protocol (EIGRP) 100 on SW3 and SW4 in order to establish EIGRP neighbor with Backbone 3 in the IGP topology diagram.
7 C4 M3 M2 l5 s0 F# t! a9 r; W- BB3 has IP address 150.3.YY.254 and is using AS number 100
/ @8 C$ ~2 I- h/ c( b, D- R1,R2,R4,R5,SW3 configure the EIGRP AS YY to build the IGP part
. K. C/ A4 T3 t9 z- Disable auto-summary* h. N5 V! B+ z) }3 m7 C2 }- N
/ B5 J3 ]0 h- P" Q( g--------------------------
0 \9 O9 V( K* t& E# n' y2 s5 x2 Y$ G2.3 – Implement IPv4 RIP
2 |$ r7 C6 K6 E7 S3 l1 U" z& ?--------------------------
1 O2 w3 s: {- J7 ?
, ?/ O$ d" v7 x: [# E- Configure RIP on SW1 and SW3 / X' x, M( U, W6 I6 g0 d
- Disable auto-summary2 H1 t" R2 u& }" v6 b( s, E
( G- K6 W: R' S2 L6 f; G------------------------------- Redistribute EIGRP into RIP( Y5 o- A2 f3 V* n$ d5 u
------------------------------
' A' U! F7 J. r6 P; ?" r-Redistribute EIGRP 100 into RIP on SW1 and SW3
& @9 l/ \% l" F
+ d8 t& s; _ ^- v--------------------------------
, c3 u9 ?, o. X2.5 Redistribute EIGRP into OSPF
1 m& }0 D8 Z7 r% M+ X--------------------------------
1 Z4 ^% ^3 v4 K% t- Redistribute EIGRP into OSPF.1 M- ~6 G3 z, d) F: i8 @; X
8 P" ?: d1 F+ p M- z* \--------------------------------2 m% _4 P y+ X
2.6 Redistribute OSPF into RIP
1 q/ I6 R9 {* }. z5 f2 o& l T; A# V2 }--------------------------------
% b6 _0 y, P( a8 {* N) J- Redistribute OSPF into RIP4 S1 K# Z# Y; D) c8 I
- Do not redistribute RIP into OSPF
: w8 x) j6 @" U7 Q: o- Area 0 prefix was a IA route and wasn’t allowed to go into any area existing
- v8 N+ z j1 @' q% ?; p) ]) T8 l, G# f" V0 z1 h
----------------------
: i4 P2 ~8 ^" v) n+ M2.7 Implement IPv4 iBGP
7 K- B- q! u0 d/ {. Z----------------------' Q1 [5 Z/ `! r. s. h/ f2 j
-Configure iBGP peering for R1, R2, R3, R4, R5, SW1,SW2 as per the following requirement.
4 l% L; Y0 f8 Z- M- Minimize number of BGP peering sessions and all BGP speakers in AS YY except R1 must have only one iBGP peer: U I; {& [3 [ D7 G9 b
- R1 is the only one allowed to start the tcp connection for the BGP neighbor : J" I% [. X& V* k o/ z
-SW4 is AS 144, peering with SW1 and SW3 , x& j+ C, T1 e' M: h6 {
( e0 \- R# d3 v: t( L0 e
----------------------
+ ^5 V, B; k7 J, X4 P( r$ |* G0 m2.7 Implement IPv4 eBGP
. } G: @3 L( Y. ?1 S! @1 A----------------------* ?* }7 o2 f l
-BB1 and BB2 are AS 254,peering with R4 and R5
p' l# B1 R, {( W+ {; x-BB1 and BB2 are advertising the same routes with different AS Path.
/ v0 b7 B! w0 [5 @4 J-SW4 should see 2 equal paths to the AS 254 routes.5 e& v0 |" g5 _8 p
-Sw4 should load-share and have to paths to the backbones which are placed beneath r5 and r4 on your topology
$ D( `4 U+ H3 W+ Y1 ?( N+ u$ q-Sw3 should load balance between R1 and R2 on your topology all though Sw2
9 s/ [* ?5 g; F7 E% Q) G
1 l; O& I( K3 V' r0 fConfigure BGP as per diagram
5 Z& t) \7 u" G+ e5 m' z- U+ A4 h
* `& f2 L4 j& P& \# z. G/ h, D, ^- When you done the BGP neighbor , you should implement all your address should be reachable from any device, except SW2( U! ^( g. T8 n1 V, }5 R# u1 |
s1 d& D1 Q$ `; I {, ]: o. h3 B' C0 y% c0 g
----------------------0 s+ Q7 c# y9 Q S0 @! L
2.8 Implement MPLS VPN
: t1 {1 m5 y- C% ?+ [$ ^# J3 A! w----------------------1 `6 Q `+ G5 p: K: C6 A
- Sw2 with two loopbacks connected to r3 and r2 on two different VRF
! E; O- X0 X, m% i4 C t- SW2 and R3 stay in CE1 area ,and SW2 use another interface with R2 stay in CE2 area
' ^# w+ x5 M" I; v9 N! t- R2 and R3 are PE devices , run the BGP and vpnv4 and mpls6 O p: K6 N% S* U- {: s
- R1,R4,R5 are P devices, transport the traffic in mpls area; C/ N) K w: w9 P
- R2 and R3 should go through R5 when they start the traffic.9 c$ r X( H8 f( V
- Use the standard protocol to transport the label in MPLS area
, s5 s0 V- N: ?, q9 }) j- ~- Need to enable LDP on all serial interfaces only.
9 \. ^2 J, f# N+ [7 q: q- Mpls must use stable update source
' C. |6 B& ~: S- Sw2 must have two different routing instances in the global one only l0 should be seen J0 t5 R; \9 S! {
$ e4 F$ x; ~2 Z8 h
----------------------/ A$ ?, G3 x# d$ C6 g2 _
2.9 Implement IPv6 EIGRP
3 s c. W3 M9 V, G; u----------------------
S# {8 `" @ k7 l; o-use the EIGRP to make the ipv6 neighbor
' T2 ]7 ~6 i8 W. Q: z- You must ping success for every ipv6 address
' K7 d0 ]9 _5 Q9 |$ X5 s0 V) b
0 c. L- U# r8 a' ~, B" }% A+ ]1 N
" g- g4 n5 T7 ?9 | K3 F0 l, FSection 3 – Mulitcast
$ Y# ^: D/ T+ \% C' W; W o @1 q! k, J, {( y0 W3 X2 r
----------------------
/ `$ ?6 ]5 n$ M5 z3.1 Implement multicast part 1: ?9 v [5 _) }. W- u6 v3 b. p
----------------------" ^% H0 |0 C) G2 v, a. ~4 U
- There has a client located on the link between R4 and R5
( j: S$ \& x- `- Y9 I+ L- Need to create Loopback 1 on R1 and R2 as RP address9 @- _. s2 Z {* T
- Both Loopbacks with same IP address.
9 b. D& @" f# J) ~! U' P% Y) J- h# p- Use the standard RP-select method
) d+ k' ^2 v( ^
7 I1 S3 J9 m, n& _5 _# R A----------------------- Implement multicast part 2
+ @! M9 A# v7 K3 e
----------------------! n# `8 V3 x# U* {$ i, K
-Some router must be the source , and can be get the reply from the client$ @# \& w1 k5 a. K' h& i: x' Q
. P" v; \8 n0 |% _% kSection 4 – Feature ?" K& b& P1 Z
7 Y. |* {6 u* W# A1 O# C----------------------- Implement Gateway load balance protocol' E& c0 n: D. M% k! \1 b
----------------------
/ o" [6 N4 ^8 p1 G- SW1 and SW3 use the cisco proprietary protocol to implement the hot switch-over
2 Y6 X, s4 Y# J9 Z- Use GLBP to achieve the request: l/ e* l. f4 c
- Both two devices use the MD5 Auth to keep the GLBP safe
6 O% j7 Z3 {0 q$ w* c' `' D8 Y" f! y- One of them increase the weight to become the AVG ,the other device is AVF
$ D2 f# a/ @. X9 R2 C* h5 A) f1 O
: l/ E2 q y( S$ t( t3 @. V# m& J. L----------------------- Implement Layer-2 switchport security8 d/ g- ?+ V- J" D; C0 D7 Z7 `/ ?
----------------------
. |% D; N1 r9 o7 L. O) E9 H$ A- Switch-port protected, not allowed to use private vlans. Should use port security to dynamicly add mac add to the configuration. - Five users connect to Vlan 500 ( SW2) & g' _, T- s6 a6 f
- These users will connect from SW4 ( Fa0/1 - 5).5 h, S& H% P: D% K7 [) G+ Y
- This ports should move to forwarding quick.
5 [, S/ h1 @: B3 `0 ?- These ports should be protected and mac address learn dynamically.
1 {9 l" i; F; D0 |0 [* n- Shut down the ports if violation occurs. H: u! f3 k' `: C! Z/ E, A
----------------------- Implement SSH
9 g- Y$ k, T2 m) v& z( R0 D
----------------------
+ S4 R# l: X; D4 \" ]! K- To keep the VTY line security ,you must implement the SSH to ensure the line safe, D0 r ]# w3 E3 |* j
- Two users connect via ssh will go directly to enable mode0 W0 p; L. x0 k
- It is not allowed to cause line con 0 a user prompt when trying to login$ P5 U' ` X- \7 ]7 t7 R& S1 I
- Using only one single extended acl.2 T: x0 o* O+ u, V
S: X& N' r, Y1 ^
----------------------- Implement Mpls QoS+ J& z$ X! E# `1 ]
----------------------" ~- n3 @3 j- f0 {0 I
- policy maps to match different type of qos in mpls is predefined. they just want you to do stuff with it like preserve bandwidth and such.
/ y' s9 F5 B+ \2 s1 _6 @& f3 `! T8 D; ~: U4 C
----------------------- Implement PBR
9 o4 d1 m$ k1 z+ P& T1 g
----------------------
4 T; B' C; l6 j2 J& |- Create Lo100 on SW38 a) I8 A3 i7 t
- Create Lo100 on R5
' K1 Q" E' V9 b+ L) D& E: F-All traffic sourced from SW3 Lo100 destined to R5 Lo100 ( and only this traffic) needs to so via interface between SW3 and R1.% U6 D7 H1 k% ]( U3 E5 t* G
-The rest should load balance.
- ~8 k. `, z1 b' Y& S( K-Use the policy-map and route-map to implement
5 A+ O6 P1 ?9 [6 B. L: m
! ^3 a5 K, y8 d! @Section 5 – Network optimize
' I( `! o7 o1 P
}/ N9 X" a& Y6 p----------------------
9 n/ @+ ~# r5 \$ }5 F, K( Y5.1 Implement SNMP- v# I" N _1 |. S- A) L3 O
----------------------7 m9 v! n( Z ^( V
-Rite the configuration to configuration log and something about saving the last 10 lines
- |4 c2 N; y) I& y0 z2 C: @$ b: ?
----------------------
; O0 \$ _ ]" ]6 R5.2 Implement EEM
; l/ \* y5 s7 ?3 j0 o, M----------------------
/ \7 g) q* N$ N- {-The administer ask you implement a simple script on R37 P" c# p3 u* p1 A
-Need to match " %SYS-5-RELOAD: ", then do a shut / no shut to gigabit interfaces.
! N+ n" i0 y* U
! e- g- ]8 j- D. K7 a: ]" R: [' p |
简体中文
英语
日语
韩语
法语
西班牙语
越南语
泰语
阿拉伯语
俄语
葡萄牙语
德语
意大利语
希腊语
荷兰语
波兰语
保加利亚语
爱沙尼亚语
丹麦语
芬兰语
捷克语
罗马尼亚语
斯洛文尼亚语
瑞典语
匈牙利语
繁体中文
文言文
[复制链接]
成长值: 58525
发表于 2013-4-15 11:34:54
置顶卡
喧嚣卡
变色卡
千斤顶
