- 积分
- 0
- 鸿鹄币
- 个
- 好评度
- 点
- 精华
- 注册时间
- 2010-9-23
- 最后登录
- 1970-1-1
- 阅读权限
- 0
- 听众
- 收听
游客
|
太多的朋友关注我了,我本来不想写战报了,因为前面的战报内容已经和考试内容基本一致了,没有太大的改变,除了TS的考试点要注意。下面我来说说我的情况吧!7 [5 r! E3 K" Z+ Y/ W
字数有点多,但是我已经减了无数字了,希望大家都能全部看完,因为这会让你在接下来的考试得到一个明确的解决办法。3 y) h- s' d; \" A. n$ N/ k0 }
' L S. A$ `8 |. Y% m0 ~
,我正常去HK考试,发现人都到的很早哦,7点45分就有4个人了。人齐后,其中4个路由交换(1个新加波),1个语音,1个安全(印度人)。
( e1 s# t5 l9 T1 m* ~ 开考后,除了32号机架的是TS2,其他全部人都是TS1。而我就是坐38号机架的位置上。2 i/ D, R$ |+ `! T/ {) o2 e# @
填完个人信息后开始考试,但是一开始就发现了一个平时不常发现的问题。就是设备号和配置不匹配。具体怎么说呢?好比TS1的帧中继部分是R22---FR—R23,我打开R22,显示的hostname是R22但是里面的端口却是R23的端口,然后打开R23,竟然里面全部是R22的内容。那就出现了部分信息重叠和混搭了。因为考试的时候不主张问考官,而且还是一开始就问,这样会显得没有配错能力。所以我就开启设备管理器,去重启所有路由器设备,然后重新加载设备。在长达20分钟的重启和加载,问题还是没能得到解决。在万般无奈之下,我举手找考官,Bruce来了后也开始发现了我的这个问题,他的操作是从第一台设备重启到最后一台设备,逐个按钮按(这是最郁闷的…),然后全部重启后,再从第一个设备重新加载到最后一个设备,(这个更加郁闷…心都快憋死了)但是依然也没能解决这个问题。Bruce告诉我先别动设备,他就回去自己的座位帮我弄,过了大约5分钟,Bruce又来了我这,又 把上面的步骤重复了一次(心都快吐血了),在这次完成后,发现设备号终于和配置对上号了。在确定基本没有问题后,Bruce说我是在开考20分钟后举手,而他是花了我20分钟来解决这个问题,所以他提出还我20分钟。我谢过Bruce,开始了这趟TS旅程。$ l4 l( s- s0 K1 r4 V
正式开始后,第一题就是FR,可是我在FR设备看到的所有端口都是管理DOWN的,并且怎么看都不像是有配置的那种。不知道是不是设备还没弄好,我就又开始重启设备。希望能恢复有配置的设备。在过了3分钟左右,设备好像加载了配置,但是我在R22和R23上面去补充完命令后,show fram map 看到的却是一片空白,并不是inactive 或者 deleted。这个时候说不紧张是骗你的。我看看时间,一分一秒的过去,我还没开始正式参与到考试中,那个感觉就像坐云霄飞车,冲到天空的时候你被抛了出去一样。那是一种绝望的感觉。% ~1 h$ b- p1 K
因为不能因为一条题目而影响整个TS的进度,我毅然决定跳过。
S5 K2 C' O# T; b 第二题是交换的题目,问题和战报说的大体一致,也是那么个情况,可是就算我怎么努力的去弄,但是都还是无法让R14学到正确的路由信息,或者可以说R14上只有直连路由的信息。+ q! r4 g! d% s3 [- V
因为不能因为一条题目而影响整个TS的进度,我毅然决定又跳过。
' j7 s( v$ {+ l. P' \2 | 去到MPLSBGP的地方,这个点和战报说的一样,是要解决所以PE需要看到其他的PE有两个RR,但是TR点却并不是我们平时战报说的那样简单。我把所有可能出现的问题都看过了,都弄了一遍,都无法解决。 `5 F7 U5 ]- N/ w- b
因为不能因为一条题目而影响整个TS的进度,我毅然决定又跳过….好了后面大家都应该可以知道了,我这份TS都不知道跳过了多少题。
. b. w5 a7 V3 d
; ~1 G7 @+ C9 U! X Q 在考试的2个小时里面,我花了30分钟解决设备问题。然后有个最主要的问题是38号机架的速度非常非常慢,慢到什么情况呢,开一个R19,我想show run | b ip dhcp 要等上接近足足2分钟时间(放心,绝对足金足两)。所以在所有设备上的SHOW命令的等待时间,就可以用去我30分钟以上的时间,这个时间是绝对的。如果配置多,这个30分钟可能还是很保守的。# A u, \" V) |2 I8 I9 M; K. f" e0 q
所以最终我只有不到1个小时的时间来排除这些问题。9 H/ i B8 M z" B
这里有个绝对建议,希望各位接纳:7 B, f$ @; s! | e
在平时,各位要保证能在40分钟内解决完所有的TS内容,并且可以保证每次的show命令都是准确到位,绝对不能出现show错,或者看些并不能正确解决问题的show命令,因为那个延迟会让你丧失所有的斗志。% ^3 @9 F: e+ L! n. A
对TS的错误点要有100%的准确。你一定要记住这个地方考的是什么,能立竿见影!
9 E# ]0 d4 S- {1 Z$ V你要清楚明白这个考点可能涵盖的其他所有信息。$ u% c, `9 S' a* Z7 O
比如MPLS,你要知道mpls-label这个命令的作用,并且知道交流LDP的Loopback号和显示show ip bgp的Loopback号不同的情况下怎么弄。1 B' e7 V7 q9 `: X# J
最后在设备的延迟,在能力不足的情况下,结果以杯具告终。
. ^: ^: G7 _9 H 好了,我想,或许也是一个时段的结束吧,而这个杯具的人是:小一。" m2 h7 S5 w q4 k8 G f0 V# e
0 O2 Q2 S, }* W; H
我没有什么东西能送给大家,这些是我准备的TS步骤解决方案,本来不打算公开的。但是现在还是发上来给大家做个参考吧,这些解决方案只是针对部分TS的部分错误,并不代表全部内容。4 ^6 J1 y9 G- |
这里有个小小的请求:看了这个解决方案的朋友就自己保留好了,不要转发,虽然不是什么奇珍异宝,但是也是我的个人心血。如果谁需要就叫他们自己去下载战报吧!不下载的就不要发这个信息给他们了。谢谢各位对我的理解和支持。" u4 F J: u2 ?) [
7 M) G. t- R D: l
1 }- H+ M& M, z/ K9 Z9 U% Q N( S7 _2 m2 G$ M4 s
. D: k9 n& h! C0 o; c' k1 k4 A; m( y; }: D0 `- V& S
) T6 y; H( T9 T2 ?) w+ y' _# p0 a: ?
* ~ Z* G" H- w' s- H
9 R! A; G) r3 Q* R
% m8 X7 k6 J5 G$ X
8 x. o6 j' ~; {. S5 G: H. D+ r: t6 D* ?3 A" b7 {+ S/ q
3 Q/ l" Z2 H2 d4 d
TS1
1 J$ e- x9 u( H, E' q e这里的题目均是参照排错题目和部分战报制作而成。) Q1 S1 k0 }. P- n# P" h* g
如需要获得更多详细的信息,请参考以下两份战报。 H Q) I( c- w
1.20110211 成都互联神州 超详细 新TS1++ K2 HK Francisco Fail
5 @7 _8 L% g2 f" h: [2.TS1总结(完全冲刺版)
, S, @! i9 n$ u: q* S此步骤和解释均是个人见解,如有任何理解上的错误或是解释上的错误,请忽略。
$ `3 \& F. q' v. D5 q+ S7 |) ~0 d2 ^6 e1.R16 can NOT ping R19 loopback0, The flow should redundancy with both. Can NOT use static route.
) V0 A' f! I+ Y# M' A3 o; A7 zR16#show ip route
: d9 R; l/ }) |' z, A8 N 172.14.0.0/16 is variably subnetted, 2 subnets, 2 masks
3 k/ `4 p+ O, O/ ~* b" g" HD 172.14.0.0/16 is a summary, 00:13:03, Null0! `# @/ r8 f& r7 L0 P0 O# a2 N
C 172.14.12.8/29 is directly connected, Ethernet1/0) i- O5 m) q: Y$ |6 K- h
10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks; R# D' G6 B9 L% P# M( G1 M
D 10.0.0.0/8 is a summary, 00:13:01, Null0" i9 `; e- _9 u1 o+ x
C 10.1.1.16/32 is directly connected, Loopback0* t& J8 Q; Y9 A! c6 v p2 v
R16#
H. A4 ~1 C# h% r# A5 G" A, g//先验证,看不到有R19的loopback口地址,并且所有的EIGRP地址都是汇总地址。3 j7 o4 H: C% M* j
//这里可以发现,R16从R17和R18处收到的EIGRP路由是汇总路由(auto-summary)) q8 W1 v4 c1 R, E# x8 O
R16#show ip pro! A" e! T% \+ `, u f
Routing Protocol is "eigrp 200"& b- h. d2 P3 ^' |$ `/ \# y( l5 x
R16#show run | be r eigrp 200
1 I- m: e: l: zrouter eigrp 200
) [- V3 L& g8 V, z network 10.1.1.16 0.0.0.04 P1 w+ v' _% r( t" d4 Z
network 172.14.12.0 0.0.0.3! o0 ^4 j7 Y$ H) n: D( e
network 172.14.12.8 0.0.0.7e
F+ N- n3 G9 M auto-summary: q1 y; V7 b1 O* I) `5 O
R16#conf t: z/ i3 T0 y# g( a
R16(config)#router eigrp 200, F6 x1 I: B% ^& i
R16(config-router)#no auto-summary/ R4 ]6 P+ X" j( C5 q
R16(config-router)#
4 x' U; J- t: v, L6 HMar 1 00:16:29.647: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 200: Neighbor 172.14.12.11 (Ethernet1/0) is resync: summary configured
4 t; j3 s$ P1 f2 b0 c# QMar 1 00:16:29.647: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 200: Neighbor 172.14.12.10 (Ethernet1/0) is resync: summary configured% Y" L& C8 @! @2 O
R17#show run | be r eigrp 200
4 `8 c/ L% z# {5 S# r8 e- p2 orouter eigrp 200
: ]/ ~+ s3 o0 z+ a network 10.1.1.17 0.0.0.0; D6 e) I1 N# v# I4 d
network 172.14.12.8 0.0.0.78 N8 E, o, k- D* W$ C* y$ [
network 172.14.12.16 0.0.0.76 {! Q6 W. U/ x R
auto-summary/ u+ u2 p* x2 z; ]5 d2 v
R17(config)#router eigrp 200
1 i2 x" h2 } o ZR17(config-router)#no auto-summary$ ]7 c9 l* s, A. P4 Z3 q" V) K
R17(config-router)#7 o2 [0 p; r! {) x0 V, X) p: z
*Mar 1 00:17:23.725: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 200: Neighbor 172.14.12.12 (Ethernet0/0) is resync: summary configured
- [% @; G e& P- f- h7 Q*Mar 1 00:17:23.725: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 200: Neighbor 172.14.12.11 (Ethernet0/0) is resync: summary configured
8 O3 A) A1 c9 ]4 i, i! |R18#show run | b r eigrp 200: s8 {* ]; Z2 ?8 ]
router eigrp 200
* T% N, p+ c% O network 10.1.1.18 0.0.0.0
$ t+ u0 H1 ]6 y: O( h f; o network 172.14.12.8 0.0.0.7 y$ V R& {2 k9 Z$ H
network 172.14.12.16 0.0.0.7( { U; H2 q; t& \9 E4 ~
auto-summary% V! R# O$ _5 u6 b
R18(config)#router eigrp 200, O8 O5 _$ w+ ~
R18(config-router)#no auto-summary
" X" W1 n3 d6 Y$ kR18(config-router)#
% Q( B( I* d% h9 a*Mar 1 00:18:39.347: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 200: Neighbor 172.14.12.12 (Ethernet0/0) is resync: summary configured
' ?. Y, \; P x; j. m" ]1 ^' e*Mar 1 00:18:39.351: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 200: Neighbor 172.14.12.10 (Ethernet0/0) is resync: summary configured
" E" Y6 z) Y0 S. RR16#show ip route' D, m& G- I* y0 ~8 r9 R8 R# R
172.14.0.0/29 is subnetted, 1 subnets
* N, V9 U3 ~7 v# `5 y- R( M( MC 172.14.12.8 is directly connected, Ethernet1/0
9 {) r- G; f B5 I# I) K 10.0.0.0/32 is subnetted, 3 subnets9 b R$ N) d1 e" K
D 10.1.1.18 [90/409600] via 172.14.12.11, 00:31:45, Ethernet1/0
' C, h2 f8 h$ s/ H" `C 10.1.1.16 is directly connected, Loopback0- V: m( _ [$ `" f8 n" ]0 X
D 10.1.1.17 [90/409600] via 172.14.12.10, 00:33:00, Ethernet1/0
1 M( g# A" \6 T, e- V8 BR16#7 S# U$ f" l, m' U8 ?/ h% y
//这个时候,R16可以收到R17和R18发过来的明确路由了,但是依然没有R19的物理接口路由和Loopback口路由。
1 { L3 h' K: A. L- n//去R17和R18上看看有没有R19的直连路由。" ]0 R. W) ^( M. Z" C# T
R17#show ip route
9 N$ g n1 J/ g; ~2 N5 E 172.14.0.0/29 is subnetted, 1 subnets
; t2 |; ?. s' R" vC 172.14.12.8 is directly connected, Ethernet0/0
, p- y2 T2 \( h" L. x, P7 x 10.0.0.0/32 is subnetted, 3 subnets
* G) p' G1 Z& u* ^) {D 10.1.1.18 [90/409600] via 172.14.12.11, 00:32:38, Ethernet0/0& e7 H+ W' W. `$ s; ?
D 10.1.1.16 [90/409600] via 172.14.12.12, 00:01:47, Ethernet0/0- q( g; j/ t9 R7 V4 ~, F
C 10.1.1.17 is directly connected, Loopback0
9 c! M& X7 W4 J% }6 i! ^//R17也没有R19的直连路由,查看接口地址是否UP。
7 ^8 y+ E7 Q' cR17#show ip int br
' l$ e( [" B }6 y( BInterface IP-Address OK? Method Status Protocol
# F. c+ M2 J: eEthernet0/0 172.14.12.10 YES NVRAM up up 5 `. `* |0 ?4 p2 Y7 I# c4 n
Ethernet0/1 unassigned YES DHCP up up 1 m8 r! s0 n5 R7 t+ k
Ethernet0/2 unassigned YES NVRAM administratively down down
8 d \+ z0 Y1 f! g3 ^Ethernet0/3 unassigned YES NVRAM administratively down down
/ e) U. b0 M2 v! j. h: TLoopback0 10.1.1.17 YES NVRAM up up
S' g8 K( O/ k9 j$ \: B* }5 DR17#+ p( ^* v7 q3 p5 W! a
//发现R17连R19的E0/1是通过R19的DHCP分配的,因此去检查R19的配置。3 T) o3 W; P' p( q$ Q& k
R19#show ip dhcp pool/ T" b+ \( I4 ?0 a
Pool dhcp :
/ O/ U. l! q/ T Utilization mark (high/low) : 100 / 0
, @+ r8 F+ g# K8 @9 n" i( S Subnet size (first/next) : 0 / 0
2 _# y, h, A0 v% S7 v Total addresses : 6
- F# X% A9 b9 ?5 P Leased addresses : 0
6 {6 R1 h" ?; X$ ~! Q- p4 G! f' E! V Pending event : none% X! m6 i% `( O0 T z
1 subnet is currently in the pool :& u( ~, b$ T& x6 H9 u2 `: }
Current index IP address range Leased addresses
/ T! d T% j$ k% Z9 d, g 172.14.12.17 172.14.12.17 - 172.14.12.22 0
' B8 P" Z) H8 W# ^' UR19#: l" r% `( ]( O. e& ]% J
//R19的DHCP地址池中一共有6个地址,被使用的是0个。地址池的范围是: 172.14.12.17 - 172.14.12.22
4 l& X) W1 j; Q& U' v5 w! R//检查R19的物理端口。" B, H1 U) L) A3 ?+ }- ~8 G
R19#show run int e0/0
6 t" V5 w# f/ Uinterface Ethernet0/0# L0 {8 J, I4 L$ C
ip address 172.14.12.19 255.255.255.248
9 \4 p( C& Y* a6 S1 W! X. s ip authentication mode eigrp 200 md54 |( w. S' F b% b7 Z- Q4 E
ip authentication key-chain eigrp 200 eigrp
8 C1 R! X8 }& ^ half-duplex* C+ _, Z* |6 F4 o4 h2 p
end+ {4 X! N1 C( Y2 e. ~- [
//地址掩码匹配正确。255.255.255.248 是/29位地址,每八位递增一个子网地址,那么172.14.12.0的下一个子网地址如下:
+ H5 J3 n+ G; K5 T. K- d/ r//子网地址为:172.14.12.16
B: Q d+ A6 i- P7 b//广播地址为:172.14.12.235 Q$ X, l( h# q, _. L
//可使用主机范围:172.14.12.17-172.14.12.22
0 _) p+ q. a" M& _//检查是否有命令把DHCP给block掉了。. v; o$ w% Q$ d+ b! w
R19#show policy-map! T* Z8 `# M5 T
Policy Map xx) Q$ a5 R9 |2 R! Z4 o
Class xx
' l, s$ @+ [- a1 y. Z8 D2 ? drop
6 M4 T& @3 ]- k+ B% b0 h- _R19#show class-map xx9 X. W4 \& ]3 \( e. t4 ?. k
Class Map match-all xx (id 1)
1 }3 H2 l, }: i1 P: E* F& b5 D Match access-group 1009 R1 U) U" x& Y- v7 H' i
R19#show access-lists$ T2 g4 L% s+ ?1 G% Y
Standard IP access list 1
5 u: \% A7 Y* X" @! q& l6 E2 [- C _ 10 permit 172.14.12.0, wildcard bits 0.0.0.255- G% ?, X4 }' \8 F
Extended IP access list 1005 B- y N4 N1 V9 B1 N/ z
10 permit ip any any (52 matches)# a9 V+ q2 U# H3 o5 l7 F) A
20 deny udp any any! ^- f7 L# N3 ~- U$ Z0 V7 B4 ?2 `/ b) i
R19#/ ?% t* _8 }9 {9 u
//可以发现,R19通过policy-map把IP包的数据流给drop掉了。0 G+ J* Y. p3 t0 ]2 c, I( I
R19(config)#policy-map xx( }: E- c1 c9 E1 a
R19(config-pmap)#class xx
: V! o8 O7 Z7 t% LR19(config-pmap-c)#no drop% W- E9 x5 \- y3 `5 L
R19(config-pmap-c)#2 M- Q% o7 W0 I& p6 k
*Mar 1 00:07:09.851: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 200: Neighbor 172.14.12.17 (Ethernet0/0) is up: new adjacency
- W& t8 s/ h& }( `: \; [2 I*Mar 1 00:07:10.195: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 200: Neighbor 172.14.12.18 (Ethernet0/0) is up: new adjacency
8 Q5 V# S, T' X//同一时间查看R17的弹出信息和R18的弹出信息. J4 N. F3 O7 S0 T
R17(config)#5 D# c( F! d2 I6 K- K
*Mar 1 00:07:10.207: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 200: Neighbor 172.14.12.19 (Ethernet0/1) is up: new adjacency
, I' v7 g$ u0 Q( M0 x2 C1 ^, h& Y*Mar 1 00:07:10.523: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 200: Neighbor 172.14.12.18 (Ethernet0/1) is up: new adjacency0 ?2 ^1 j n2 m+ r' G u
*Mar 1 00:07:10.959: %DHCP-6-ADDRESS_ASSIGN: Interface Ethernet0/1 assigned DHCP address 172.14.12.17, mask 255.255.255.248, hostname R17# I8 p( r) ?' C+ H$ j' Z
R18(config)#! ]: F3 h% M/ O8 Y
*Mar 1 00:07:10.795: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 200: Neighbor 172.14.12.17 (Ethernet0/1) is up: new adjacency: l6 d& t# O! \' a. a k
*Mar 1 00:07:10.807: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 200: Neighbor 172.14.12.19 (Ethernet0/1) is up: new adjacency
- L4 q; c4 I4 j. S }3 Z4 s; U5 ^*Mar 1 00:07:11.887: %DHCP-6-ADDRESS_ASSIGN: Interface Ethernet0/1 assigned DHCP address 172.14.12.18, mask 255.255.255.248, hostname R180 b/ l6 u2 ]) |5 W# @5 x0 F1 R9 J% H/ q3 q
//这时,R17和R18已经获得了R19的DHCP 服务器分配的IP地址。4 h( V0 v, m; } |
R17#show ip int br
# ?) p0 b$ o' qInterface IP-Address OK? Method Status Protocol
( N& L0 a) y; g3 z" b* tEthernet0/1 172.14.12.17 YES DHCP up up
- ]: t1 `+ ~! [+ }0 B7 WR19(config-pmap-c)#do show ip route
6 h) t: U/ J, H 192.168.14.0/30 is subnetted, 1 subnets
, R x6 S k0 G; G% M* H1 J, VC 192.168.14.0 is directly connected, Ethernet0/1
6 |3 x$ O7 K$ \! m& K 172.14.0.0/29 is subnetted, 2 subnets
* m, k! W( p8 u( gD 172.14.12.8 [90/307200] via 172.14.12.18, 00:03:00, Ethernet0/0% H! A% R9 q$ [$ L0 h8 A% s1 J3 L' ~
[90/307200] via 172.14.12.17, 00:03:00, Ethernet0/0% h4 N7 n/ [7 N. b8 Z6 l* T
C 172.14.12.16 is directly connected, Ethernet0/09 X8 E" p# R( Q3 G2 H/ X, H# A3 R! |
10.0.0.0/32 is subnetted, 4 subnets
' p: U. }6 p( s# r0 `' zD 10.1.1.18 [90/409600] via 172.14.12.18, 00:03:00, Ethernet0/0. `9 i5 Y! {. V: B) R7 X N
C 10.1.1.19 is directly connected, Loopback02 v8 H& w: Z2 B4 M& X
D 10.1.1.16 [90/435200] via 172.14.12.18, 00:03:00, Ethernet0/0, n& c' F% _2 U& x
[90/435200] via 172.14.12.17, 00:03:00, Ethernet0/0
|" G" V2 `' @: ED 10.1.1.17 [90/409600] via 172.14.12.17, 00:03:00, Ethernet0/07 |$ W2 x$ @ Z0 Q; \
//R19和R16,分别有了负载均衡到对方的路由,并且可以Ping通。
- [$ L5 G% z0 h4 x* b* _0 fR19#ping 10.1.1.16$ V! W9 G& k8 M% c
Type escape sequence to abort.
% m _' d! t1 Z6 u5 PSending 5, 100-byte ICMP Echos to 10.1.1.16, timeout is 2 seconds:+ q" ~4 K- R5 p, O
!!!!!
( f. N% c4 T; s& lSuccess rate is 100 percent (5/5), round-trip min/avg/max = 96/109/136 ms
) V8 L% v# u/ }5 |# Y6 o KR19#
% ~% ?5 U6 n+ G: {( `R16#ping 10.1.1.19
! V5 \1 p0 c0 ?% dType escape sequence to abort.
! M& Q0 p: l8 k& \' t) r- aSending 5, 100-byte ICMP Echos to 10.1.1.19, timeout is 2 seconds:% X# N5 e4 C% Y/ Y2 c
!!!!!* U" W1 T6 ~6 A
Success rate is 100 percent (5/5), round-trip min/avg/max = 92/120/148 ms
# B, R6 Y! ^8 gR16#+ B3 r K' ]2 G0 J' F* n f
2.R15 and R16 can NOT established EIGRP.4 E( `' M" ]+ c. q5 q
R16#show ip int br* _$ h1 O% u6 ^
Interface IP-Address OK? Method Status Protocol
3 T/ N" d3 T) PSerial0/0 172.14.12.1 YES NVRAM up down- S. c8 ?/ [3 x
//首先在R16上确认情况是否属实
4 I9 w: a: m/ I: H4 i9 U4 z" W9 PR15#show ip int br
$ r1 j- [- |1 c( D4 z0 r- MInterface IP-Address OK? Method Status Protocol9 E; t+ X$ y. B
Serial1/0 1.1.10.2 YES NVRAM up down
& h% O0 H6 {# [% rSerial1/1 172.14.12.2 YES NVRAM administratively down down
/ f$ \& i# f5 g- @; I9 J) r4 nR15(config)#int s1/1
+ w) G- Z1 K" g7 s3 {. xR15(config-if)#no shut/ ~4 i$ q1 P( X# @3 u6 ?
R15(config-if)#
; o2 F9 ~. v/ @8 T8 F$ ?3 d*Mar 1 00:03:25.943: %LINK-3-UPDOWN: Interface Serial1/1, changed state to up
0 I8 D7 {2 B+ l2 `4 M3 ^//通过这条提示,我们可以知道,物理链路UP,但是没有收到协议UP的消息。; w/ Q& e2 w0 S* B
*Mar 1 00:04:41.319: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1/1, changed state to up% S- u* n/ O/ J/ ]) l% Y$ T7 D8 ]
*Mar 1 00:04:42.435: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1/1, changed state to down
( z6 K; X2 h; R. v) I//出现协议UP DOWN的情况,多半是认证不通过,此时应检查端口情况。
* s" C. d% m! S; pR16#show run int s0/0% n% P" u! u C' d
interface Serial0/0( Y7 @+ }" l3 G# N4 l
ip address 172.14.12.1 255.255.255.252
* a1 Y. @! Q+ N# ?: j5 ~ encapsulation ppp6 e; t. V$ }; a+ t# z
serial restart-delay 0+ H& O2 u# I2 w2 j! F
ppp authentication chap6 n: l) S$ \ F. } ]
ppp chap hostname ccie- M b. W; V. }* q; g6 V
end0 s. ~' i7 V3 H/ u l& m
R16#show run | in user
. D _; @. p3 o* M/ Rusername R15 password 0 cisco
4 ^( c: d+ M; j//这里可以发现R16开启了PPP认证。
- D3 z! F8 Y; N" q2 g//通过这句话:ppp chap hostname ccie可以知道R16也是被认证端(也就是双向认证)。: t) k' f$ {+ F$ F3 c2 a% Z$ z
R15#show run int s1/1- z& S% S" @. f, ^( V3 D0 f
interface Serial1/1
6 x+ z1 L6 W/ {; L; O2 p ip address 172.14.12.2 255.255.255.252
. O6 y1 u) Z0 s; s' S: `8 ^ encapsulation ppp
: n6 }& i# B2 I4 m5 x8 P6 } serial restart-delay 0
& @& b$ R% a+ U" r clock rate 252000
) n# x8 g& s2 X) V6 e ppp authentication chap
6 `7 o6 u9 ?9 U' e ppp chap hostname cisco9 O K" J Y% Y6 Y: H, v
end$ F2 ]8 n$ Y: `& k) K8 }
R15#show run | in user- \( l" E3 O% C% z6 m0 C
username R16 password 0 cisco% O6 v. u, x1 F
//通过以上信息,可以发现R16和R15双向认证不匹配。
2 T+ q$ k& D; e/ ?& v这里我们做以下整理:; A$ l% r) h! n( |; C
R16:
) p6 Q- g5 t1 L: u0 C) [+ s3 Xusername R15 password 0 cisco //这里的信息要和R15匹配
0 y4 M1 s: e5 S* R- S: ^3 X //username R15 是对应对方的hostname" j$ T6 G/ s, S. N
//password 要双方一样
8 K8 o$ x, \$ o* P5 O P* zR15:
+ i0 m* @ J' D4 f7 Nusername R16 password 0 cisco //这里的信息要和R16匹配5 W- S, ?. m5 f( W% R- G9 }8 L
//username R16 是对应对方的hostname
0 e3 I+ C9 l9 N& m$ \: h: @5 Q5 E //password 要双方一样
$ u; w, Q+ x. u) p1 v0 GR16 int s0/0: 3 G! U8 D( T. @1 H7 N y
ppp chap hostname R16 //R15定义对方的username
7 b N7 [ ]2 g5 R. Q ppp chap password 0 cisco //R15定义对方的password
7 ]% i( U% V P( x' q( {R15 int s1/1:
; G1 T* \) l( z4 ?% g; ^' c ppp chap hostname R15 //R16定义对方的username
- r5 r& |0 L9 a- x6 A/ q- ]1 K ppp chap password 0 cisco //R16定义对方的password
c. u: L P' t: |. j/ ~: KR16(config-if)#! U' x: J# ~8 c/ Q' V9 ^
Mar 1 00:29:08.831: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0, changed state to up
4 N3 K" o3 u q8 P2 Y5 T" pMar 1 00:29:09.067: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 200: Neighbor 172.14.12.2 (Serial0/0) is up: new adjacency
1 n7 n& h( Y) Q0 W- a. k9 o* X/ iR15(config-if)#
! i5 J& M, b6 y( D) R5 [- r*Mar 1 00:16:01.907: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1/1, changed state to up
6 u, l0 ^. r; D6 K- K X. r l+ a*Mar 1 00:16:02.519: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 200: Neighbor 172.14.12.1 (Serial1/1) is up: new adjacency! w* }+ }3 |; _# ? c: w
//修改完成后,出现以上字样,代表协商成功,邻居建立。6 R, ~+ h+ o t3 R6 a. E
//此时再查看EIGRP邻居。2 b8 J* b) c. o
R16#show ip eigrp neighbor& [4 I5 h: X) B- b" D0 ?5 f
IP-EIGRP neighbors for process 200
5 ^/ X! B5 }6 [6 j: EH Address Interface Hold Uptime SRTT RTO Q Seq0 C3 l) Q. P7 t9 C
(sec) (ms) Cnt Num
$ _* B% C) ?2 v5 t1 H3 U2 172.14.12.2 Se0/0 11 00:02:53 148 1332 0 3
* b a) U% O$ x% x$ j2 [0 X2 MR16#- Z6 u& ~- b) ]% @
3.CE R15 Loopback0 and CE R7 Loopback0 , there are can NOT ping each other’s.# L* r/ A- z* {5 b$ Z+ W
(Four PE route require display another three PE loopback in show ip bgp.)+ Z" r4 W, B5 p- F
解决这题就应该有一个良好的步骤和习惯:(参考TS1总结-完全冲刺版)
5 t& F& x( M! K* L* ~' g1.首先解决直连路由问题) e% ^" u$ I8 S J! h" x2 z
2.解决IGP问题
+ h. n6 L9 \# C% N3.解决BGP问题
" c2 p$ V, r5 \- x4.解决MPLS问题2 j" ~7 e, M+ z5 c* y: w9 v
5 X0 e* K, ~# S首先查看R15和R3是否成功建立了EIGRP邻居,是否能收到EIGRP和VRF过来的路由。7 S$ R$ R( R4 b/ x" {
R15#show ip eigrp nei2 a1 I: g) E5 B& Q
IP-EIGRP neighbors for process 200
' G" \1 D" e) E! M5 l# H' DH Address Interface Hold Uptime SRTT RTO Q Seq6 j/ U* m0 K1 @4 {& R
(sec) (ms) Cnt Num0 i/ E4 P- r7 {4 @2 P$ e+ `! \
0 172.14.12.1 Se1/1 14 00:13:02 60 540 0 285 b: f5 g4 b X4 F8 j
R15#& c3 W3 X$ b3 X' M0 J( O
//这里可以明确看到,R15这个EIGRP的邻居是刚刚建立的R16的EIGRP邻居信息。
; D3 l- o/ @; C6 d//这就说明R15还没有和R3建立起EIGRP邻居关系。9 }5 C2 O" A3 e$ d/ O$ X
R15#show run | b r e
2 c4 Q D+ i m1 Crouter eigrp 200
) i6 W/ z. N: k5 U, j2 F! W network 1.1.10.0 0.0.0.3
; ?) V6 u/ m9 I+ S' _% U0 G6 D- F network 10.1.1.15 0.0.0.0# v! S( G K0 q% ?
network 171.1.1.1 0.0.0.0
* G k8 _ ]! j/ g k network 172.14.12.0 0.0.0.3
, l) c. r# ?7 ^) c" i9 } no auto-summary, K3 l, y: O7 {, a3 A5 y# |
//R15已经把自己接口和Loopback地址宣告了出去。
( l7 z! I* C4 v, d+ qR3#show run | b r e! u- h. \7 v9 S) p( z% f
router eigrp 1( x# m& O2 ~2 v# ~/ }1 a3 m% z, }
no auto-summary4 [9 y2 Z; n' C& R, N
!
# z J' `) W( @4 S$ d8 C address-family ipv4 vrf site-b; Z5 Y4 M- J, b2 _
redistribute bgp 3 metric 100000 100 255 1 1500
5 _4 E! X3 P; L" `6 i8 L, K network 1.1.10.0 0.0.0.3) O& G; L* t2 ~* _8 O
no auto-summary
, b4 s5 G8 c9 u9 l. l( L. i exit-address-family
% h& r( G1 ?1 v9 y R//R3也已经把自己的直连端口宣告了出去。
- g+ ^: y* q9 N+ w* S1 `//R3和R15应该是通过EIGRP200来建立邻居关系,而当R3建立了VRF后,R3的路由表应该要转移到VRF自己的路由表中。 `$ f, W# h |2 g2 x8 m; q
//所以我们应该要在VRF下建立一个EIGRP200的自制系统和R15进行协商。0 f: w, e7 O, ~2 i3 c4 c
R3(config)#router eigrp 1
! N% j; V X+ |# YR3(config-router)#address-family ipv4 vrf site-b8 |9 U1 {1 R) @" T, G3 u6 E+ ~5 C) F
R3(config-router-af)#autonomous-system 200/ H' h8 B8 b" I3 H- o
R3(config-router-af)#
# C& F4 D9 O, @) e*Mar 1 00:10:44.199: %DUAL-5-NBRCHANGE: IP-EIGRP(1) 200: Neighbor 1.1.10.2 (Serial1/0) is up: new adjacency1 G! n; K5 @2 x4 w% }+ e) u/ O
R3#show ip eigrp vrf site-b nei( L* R. f) Z9 K2 W2 Y" z* j
IP-EIGRP neighbors for process 200 b5 Y* d) t6 [: D3 O) S
H Address Interface Hold Uptime SRTT RTO Q Seq+ B; D9 ?2 Q! `7 {, s% K/ e. N
(sec) (ms) Cnt Num
5 W. m7 q* M* O' O. g0 1.1.10.2 Se1/0 13 00:00:52 217 1302 0 11
6 m+ f9 V$ ^- i: T; sR3#
. U" J# e, \! @6 D* \//这时,我们来查看R3的EIGRP VRF的邻居时,就可以发现R15的邻居信息。
, P5 a. O# q) S0 qR15#show ip eigrp nei. G7 `. x, L) ~
IP-EIGRP neighbors for process 2002 ~, ^" L: y* ?7 m6 u" ^
H Address Interface Hold Uptime SRTT RTO Q Seq
; m3 { O+ \& z# Z: r( g (sec) (ms) Cnt Num
; ~/ u6 v/ @% A5 l8 X7 }1 1.1.10.1 Se1/0 12 00:01:43 511 3066 0 4( _3 j( x7 L. G4 h; ~* p
0 172.14.12.1 Se1/1 10 00:22:53 60 810 0 29: h/ m1 B4 ^- U2 |
R15#
/ R% e$ l' ~; c# i4 j/ v//与此同时R15也能正确的和R3建立起了EIGRP邻居关系。7 X5 t6 p7 p5 r) R
R3#show ip route |* h" v' F. g& |
172.14.0.0/30 is subnetted, 8 subnets
* [1 z8 b) |) h# oC 172.14.8.32 is directly connected, Ethernet0/01 T& c" A8 ~) d3 s
O 172.14.8.8 [110/20] via 172.14.8.5, 00:01:06, Ethernet0/2, }, ~; e! s% _% ^: V
O 172.14.8.12 [110/20] via 172.14.8.5, 00:01:06, Ethernet0/2
T: O8 {0 }) rC 172.14.8.4 is directly connected, Ethernet0/2% k- z7 T, A2 g
O 172.14.8.24 [110/20] via 172.14.8.33, 00:01:06, Ethernet0/0
! B2 n! f1 E, `/ c4 A: KO 172.14.8.28 [110/20] via 172.14.8.33, 00:01:06, Ethernet0/0% o) f" M8 @+ [1 N B4 G1 }
O 172.14.8.16 [110/20] via 172.14.8.5, 00:01:06, Ethernet0/2, k3 F9 c5 C( L. i2 Y" x
O 172.14.8.20 [110/20] via 172.14.8.33, 00:01:06, Ethernet0/0, i2 U/ r% f+ n" _
10.0.0.0/32 is subnetted, 6 subnets
" c' h0 ]& g/ j4 c" `O 10.1.1.2 [110/11] via 172.14.8.33, 00:01:06, Ethernet0/08 S1 i8 a1 |" r4 k9 w
C 10.1.1.3 is directly connected, Loopback0% B I! {; y9 C. ~3 i9 K, ~$ N7 x
O 10.1.1.1 [110/11] via 172.14.8.5, 00:01:06, Ethernet0/2
9 i& {% V+ G* w6 L9 xO 10.1.1.6 [110/21] via 172.14.8.33, 00:01:07, Ethernet0/0' ]+ f0 R: H& |' j
[110/21] via 172.14.8.5, 00:01:07, Ethernet0/2
* Q+ j2 B1 P! VO 10.1.1.4 [110/21] via 172.14.8.33, 00:01:07, Ethernet0/08 ]% [* X* p" `
[110/21] via 172.14.8.5, 00:01:07, Ethernet0/2) m; c6 c2 L' \+ y
O 10.1.1.5 [110/21] via 172.14.8.33, 00:01:07, Ethernet0/0
& h4 L i2 b: G7 \7 N- o' R1 ?; c [110/21] via 172.14.8.5, 00:01:07, Ethernet0/2% L0 @) s5 a/ e3 ?
//从这里可以了解到R3通过OSPF已经学到了各台P和PE设备的RID。. w' u$ L& H- F
R3#show ip bgp
5 {& C) {1 W& C4 cBGP table version is 10, local router ID is 10.1.1.3
7 s! \" A4 `' X6 o5 Y Network Next Hop Metric LocPrf Weight Path
5 ^5 D% q* I: m8 X0 `' O0 {) Ar>i10.1.1.1/32 10.1.1.1 0 100 0 i
% _, ?9 e9 n9 H! G. H# @5 d$ Cr>i10.1.1.2/32 10.1.1.2 0 100 0 i( A5 [' a/ d# N2 S, p9 W; K" d* c
*> 10.1.1.3/32 0.0.0.0 0 32768 i
3 v3 U( c: Q4 \/ N7 l$ ^! jr>i10.1.1.5/32 10.1.1.5 0 100 0 i
. O- U8 r& A2 L, ]8 [r>i10.1.1.6/32 10.1.1.6 0 100 0 i F8 ]4 E2 I7 d3 j
R3#9 G3 {, X; s5 H( W* ^/ m) u+ H
//从IPv4BGP表中可以发现R3没有去往R4的BGP路由。
& w6 p# d) x( e8 G) k( e//现在这个题目是要解决从CER15去往CER7的路由要通。所以R4的问题稍后解决。
- I: S/ T& G! u" L5 tR3#show ip bgp summ& F: b1 M+ M3 Q6 Z
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
& ^) W, N" v+ h: c' d [10.1.1.1 4 3 26 10 10 0 0 00:06:07 1- A0 [6 k# W& D4 W6 c
10.1.1.2 4 3 28 9 10 0 0 00:05:53 3
6 G4 z& g) Z. R4 n& p& qR3#show ip bgp vpnv4 all summ# M: y' j' `# N$ ^- e% V
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd9 X5 h1 t0 [3 I4 d5 i, n' [" k
10.1.1.1 4 3 26 10 24 0 0 00:06:32 114 ~* y. c( `2 x& X* c0 V8 o
10.1.1.2 4 3 29 10 24 0 0 00:06:18 11/ e9 T! S- [- S+ j" e2 t
R3# u2 s, [4 V& A2 {$ \2 ]! A
R3#show mpls ldp nei
9 @$ U4 g* I" W- s Peer LDP Ident: 10.1.1.2:0; Local LDP Ident 10.1.1.3:06 D9 r K- B3 F1 T* B0 q' s
TCP connection: 10.1.1.2.646 - 10.1.1.3.52569! \. f; o7 J9 F# T! N) Q f
State: Oper; Msgs sent/rcvd: 25/24; Downstream( C I/ M+ Q% r, y, H3 Z
Up time: 00:06:50
s, v: K4 j. O" `) S/ o) t+ k LDP discovery sources:
3 Y# m- H$ ?9 P G Ethernet0/0, Src IP addr: 172.14.8.33
9 y7 _ t+ p- I; v* L Addresses bound to peer LDP Ident:
* r3 v- z5 e3 q- S5 m3 P! m 172.14.8.33 10.1.1.2 172.14.8.25 172.14.8.29$ L1 P; E# Y* m T6 G
172.14.8.21
& D J G2 g; {9 ]R3#
5 T2 K9 B3 C4 X//这里我们可以了解到R3没有和R1建立MPLS邻居关系。- Q0 P; `5 A3 T
//我们可以查看R3连接R1的直连端口。
. |; L# Y& i5 `# W7 B8 U, r0 r1 m: hR3#show cdp nei
& I0 L- f- y8 q' KCapability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
/ O( k9 c+ |% ]/ q2 j/ F S - Switch, H - Host, I - IGMP, r - Repeater
. p4 d* Q6 u( x2 ~% RDevice ID Local Intrfce Holdtme Capability Platform Port ID
$ b6 y! {' D. L* lR15 Ser 1/0 171 R S I 3640 Ser 1/0
, L+ f# [# |; J! R8 ?R2 Eth 0/0 160 R S I 3640 Eth 0/0
9 @8 R5 N# q& Y; HR1 Eth 0/2 165 R S I 3640 Eth 0/2
! U J1 G2 {4 S1 D4 f2 n' X& L; xR3#$ Q. P- h+ k$ U* x- o
R3#show run int e0/2& `9 B8 g, l8 m1 _! d0 X1 D
interface Ethernet0/2/ C/ s" D+ ]0 N5 X- E+ W
ip address 172.14.8.6 255.255.255.252
+ S( k- H# `$ j ip ospf message-digest-key 1 md5 cisco
# g. D' y# G8 d. X s half-duplex
' T' C' s; @4 j/ Z2 [; g mpls ip
# F& I% c6 t+ Wend( i& H1 X3 N. y& m# }" l
//在确保R3的e0/2接口没有问题的情况下,去R1的e0/2检查。
7 h, m0 j' Y9 E
; z B: m Y% V. o8 L+ O: I8 pR1#show run int e0/2 `4 {/ u4 {. V
interface Ethernet0/23 N( X0 I, j; o, x9 }% ^
ip address 172.14.8.5 255.255.255.2523 l; }+ |8 U& U* F7 s
ip ospf message-digest-key 1 md5 cisco
4 E, M& s% w; i/ k; ]# U# x half-duplex8 S5 l" J2 {1 v( e- s6 Q6 b
end: i. G* {1 F# C# q9 z! n8 q
//我们发现R1的e0/2缺少了MPLS IP,把它加上。
9 l2 R- v) T. I9 A//因为P设备和所有的PE设备在直连端口都应该打上MPLS IP ,所以可以使用range这个字段来囊括所有的端口。
" j7 C/ g" A. H7 `+ aR1(config)#interface range ethernet0/0 -3
+ j; i" D3 l- U" C2 ~- xR1(config-if-range)#mpls ip
! T- N5 m% p2 j" d4 hR1(config-if-range)#
4 V2 Y7 Q! Y5 X5 n W7 Y*Mar 1 00:14:47.935: %LDP-5-NBRCHG: LDP Neighbor 10.1.1.3:0 (2) is UP; T3 O$ R, `% Z# R, Z
*Mar 1 00:14:48.003: %LDP-5-NBRCHG: LDP Neighbor 10.1.1.6:0 (3) is UP* D$ a6 C/ F2 q. P4 c6 d$ R q
R1#show mpls ldp nei
# e% X: M2 e) L; m, c7 r6 a Peer LDP Ident: 10.1.1.5:0; Local LDP Ident 10.1.1.1:05 d, ^! ~; a. C" ?* ?9 r+ h. \4 D
TCP connection: 10.1.1.5.47537 - 10.1.1.1.6460 S8 y- o/ C' \- ?- }$ d0 m
State: Oper; Msgs sent/rcvd: 31/32; Downstream
. K W# F+ W' J+ V( S6 B Up time: 00:13:09
) S' }5 g) k" R6 j LDP discovery sources:
, }) H' u& Q( T" q; [& L Ethernet0/0, Src IP addr: 172.14.8.18& U* b2 v) t$ y* w8 B
Addresses bound to peer LDP Ident:
; E6 N9 M/ |. U 172.14.8.18 10.1.1.5 172.14.8.229 B0 x9 t" b7 |
Peer LDP Ident: 10.1.1.3:0; Local LDP Ident 10.1.1.1:0
0 n+ h$ k) L# S2 `5 V3 w TCP connection: 10.1.1.3.61492 - 10.1.1.1.646! d) i/ J9 e8 D' v5 K
State: Oper; Msgs sent/rcvd: 18/17; Downstream6 A$ M$ `* h" G9 e
Up time: 00:00:55
+ h$ E. W$ r$ k* I* O LDP discovery sources:) y- w3 `: e5 P% Q0 Z
Ethernet0/2, Src IP addr: 172.14.8.6
% h/ q; C9 Z6 S3 j* {, Z Addresses bound to peer LDP Ident:
c: e* q$ ], d! i: Q, J* j 172.14.8.34 10.1.1.3 172.14.8.6% J z/ L5 f: r& a i: }
Peer LDP Ident: 10.1.1.6:0; Local LDP Ident 10.1.1.1:0
: d4 G" z" H, C; ]+ A: s) X% i- ~ TCP connection: 10.1.1.6.11900 - 10.1.1.1.6467 [1 K2 c. g- X. c# f6 b) \6 ~
State: Oper; Msgs sent/rcvd: 18/18; Downstream
) K) Q+ u4 B3 y0 ~- x Up time: 00:00:55( ^ w- s- d# `6 N# e, G
LDP discovery sources:
$ \: t2 A& Q/ ~ Ethernet0/3, Src IP addr: 172.14.8.14
% C2 A2 [4 H4 I; z) F/ Q4 H Addresses bound to peer LDP Ident:2 U% m* [. f5 |" n2 k3 n
172.14.8.26 172.14.8.14 10.1.1.6
8 z, b" {: E2 ?+ w: Y' x8 @: {& UR1#
, A6 h" z# i3 t2 E//R3 已经存在于R1的MPLS表中。
; T" X3 U q/ }7 Q( z//R1是P设备应该有4个PE设备的对端,而且从RID地址可以了解到R4没有在R1的MPLS表中,这个记住,一会解决。0 |% T; Y4 I" ~
R6#show ip route
2 ^+ _# O+ D& N1 x% Y$ V; T 172.14.0.0/30 is subnetted, 8 subnets8 \4 J% x1 |6 J# ^
O 172.14.8.32 [110/20] via 172.14.8.25, 00:21:54, Ethernet0/1% d3 M+ L$ W1 c+ Z$ b. r- b
O 172.14.8.8 [110/20] via 172.14.8.13, 00:21:54, Ethernet0/3# Z4 g1 k1 Z, @1 x7 s( D9 \
C 172.14.8.12 is directly connected, Ethernet0/3. l0 }) S' U& h8 z. s, f: v+ N7 T
O 172.14.8.4 [110/20] via 172.14.8.13, 00:21:54, Ethernet0/3
0 [, h$ v: v v7 D/ @ F# XC 172.14.8.24 is directly connected, Ethernet0/1
7 X0 w: r. d* S T$ h. CO 172.14.8.28 [110/20] via 172.14.8.25, 00:21:54, Ethernet0/1
5 W) I' V- m) P! B, _" tO 172.14.8.16 [110/20] via 172.14.8.13, 00:21:54, Ethernet0/3
2 e3 k, K! ?3 j3 i k6 DO 172.14.8.20 [110/20] via 172.14.8.25, 00:21:54, Ethernet0/18 \; {# j. G m; c
10.0.0.0/32 is subnetted, 6 subnets5 J! x+ a$ ]5 [, R: B4 O
O 10.1.1.2 [110/11] via 172.14.8.25, 00:21:54, Ethernet0/1( Z6 V; p: `+ v# B7 r
O 10.1.1.3 [110/21] via 172.14.8.25, 00:21:54, Ethernet0/1, }! y( c3 [: s" M2 [
[110/21] via 172.14.8.13, 00:21:54, Ethernet0/3
6 V9 ]' v$ u h# T' E: a) ZO 10.1.1.1 [110/11] via 172.14.8.13, 00:21:55, Ethernet0/3' |9 n* y. y) W8 n3 h$ W/ S/ T
C 10.1.1.6 is directly connected, Loopback08 R1 i( }. T2 u; M, O
O 10.1.1.4 [110/21] via 172.14.8.25, 00:21:55, Ethernet0/17 U, |1 l% b3 ~: g. v" F
[110/21] via 172.14.8.13, 00:21:55, Ethernet0/3
! _) d$ a# q, q8 `# {O 10.1.1.5 [110/21] via 172.14.8.25, 00:21:55, Ethernet0/15 q/ b/ M2 o2 f5 r; L4 _- G
[110/21] via 172.14.8.13, 00:21:55, Ethernet0/3
6 Y: y J t) aR6#show ip bgp/ ?+ S% }5 f. d
Network Next Hop Metric LocPrf Weight Path
! \& F5 z3 l6 K; }r>i10.1.1.1/32 10.1.1.1 0 100 0 i0 u# ]" W2 d7 I. _, `2 Z! [
r>i10.1.1.2/32 10.1.1.2 0 100 0 i" T8 D3 X, y! e% O
r>i10.1.1.3/32 10.1.1.3 0 100 0 i
- d! k- v2 L+ K9 v& z' t/ V# Kr>i10.1.1.5/32 10.1.1.5 0 100 0 i% o6 T& e, e% Y1 B: p7 p
*> 10.1.1.6/32 0.0.0.0 0 32768 i
* c' H2 l3 {$ a- q( s4 @; SR6#show ip bgp summ3 l/ w p4 Y0 V" e% J+ t S
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd H# J1 V8 @3 g# D2 O Z o( Y+ C- M
10.1.1.1 4 3 34 42 10 0 0 00:22:21 1
7 k% b7 n) m6 K% Z10.1.1.2 4 3 37 42 10 0 0 00:22:23 3
( S9 ]& L7 v0 Z3 {: FR6#show ip bgp vpnv4 all summ
& @5 k8 ?# V. ~$ |Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
. d5 K. f1 o7 ^10.1.1.1 4 3 34 42 23 0 0 00:22:32 06 u/ [2 C* |4 t: L( T$ y
10.1.1.2 4 3 37 42 23 0 0 00:22:34 04 V* u3 X5 G$ g5 u4 Z+ j/ A
//从这个表可以了解到R6没有与R1和R2交换VPNV4的路由信息,它们之间只是建立了邻接关系。
3 O- U; P% O- g- ~, Y//代表R6无法收到来自R3的VRF信息。" e4 n7 _; h7 _& r D( r
R6#show mpls ldp nei& y. h5 Z* \1 s; c! d
Peer LDP Ident: 10.1.1.1:0; Local LDP Ident 10.1.1.6:07 C8 d2 w% A1 P( t
TCP connection: 10.1.1.1.646 - 10.1.1.6.11900
5 _( a" C# |7 {8 ^ State: Oper; Msgs sent/rcvd: 30/30; Downstream
, T5 Z4 M* ?7 d6 d Up time: 00:11:49
- x0 T; v) G- i; p LDP discovery sources:
" f3 h; ^1 B4 k& E- \6 r+ V c Ethernet0/3, Src IP addr: 172.14.8.13
1 v7 a7 `! J) x1 E/ j k# t8 K Addresses bound to peer LDP Ident:' f. ^6 w! e4 A v8 p* _. F' D" r
172.14.8.17 10.1.1.1 172.14.8.9 172.14.8.5
' i% J" q( ^3 b$ H3 t5 {9 C% @: y 172.14.8.13
( t0 r& p0 O4 f, C, k4 i, VR6#' v$ ? Q/ e0 v- q! U6 K& h$ p
//R6缺少去往R2的MPLS路由。
: M7 X" i" R) p# ]% V2 {" _8 ZR6#show run int e0/1$ A) K( y. s- x: u6 b
interface Ethernet0/1' x% ?& S8 G0 |+ }
ip address 172.14.8.26 255.255.255.252
5 O/ l0 B1 E0 a ip ospf message-digest-key 1 md5 cisco
9 I1 ?. b- b* c2 ?3 y9 P* x0 i5 ? half-duplex
' }! b7 Z6 A3 V9 xend
6 |3 o3 f Z+ e. o6 \, s//加上MPLS IP$ t( t3 \4 J. k) R- ]
R6(config)#int e0/1
( f: E( }1 O) J2 [5 LR6(config-if)#mpls ip& w+ ]7 L; O3 P# I& }) k* T
R6(config-if)# W9 T) C$ B. j$ X) u# d
*Mar 1 00:26:14.003: %LDP-5-NBRCHG: LDP Neighbor 10.1.1.2:0 (2) is UP
0 t& @3 w3 [+ G- I//我们去R15上查看一下是否正常收到CER7的路由- P# I+ _6 I9 v3 W: J
R15#show ip route3 K3 a" m! p, K4 y. V+ V& z% y
1.0.0.0/30 is subnetted, 1 subnets
j1 h3 v, l' vC 1.1.10.0 is directly connected, Serial1/02 |% X1 k; x0 Z2 @9 j
171.1.0.0/32 is subnetted, 1 subnets
4 p* \0 R7 H& ]7 X7 p- E6 G+ t. mC 171.1.1.1 is directly connected, Loopback10
! r4 I* ?( N, S3 v 171.2.0.0/32 is subnetted, 1 subnets& o6 g1 h' a2 ~
D EX 171.2.2.2 [170/2195456] via 1.1.10.1, 00:36:34, Serial1/05 ~9 R2 k0 F7 R0 U* C
10.0.0.0/8 is variably subnetted, 10 subnets, 2 masks
5 E+ ?& p& T9 P1 dD EX 10.10.10.8/30 [170/2195456] via 1.1.10.1, 00:36:34, Serial1/0
) N- A" ~# J' D9 o5 H. C3 s4 _2 L( G: ^D EX 10.1.1.8/32 [170/2195456] via 1.1.10.1, 00:36:34, Serial1/0( v L) s- l& Y2 ^3 I% T
C 10.1.1.15/32 is directly connected, Loopback0$ E# `! `+ h3 }% K9 a8 l
D EX 10.10.10.0/30 [170/2195456] via 1.1.10.1, 00:36:34, Serial1/0+ L, Q x. A' [4 G
D EX 10.1.1.7/32 [170/2195456] via 1.1.10.1, 00:36:34, Serial1/0! o7 E: D r8 L5 j, B* @% i
D EX 10.10.10.4/30 [170/2195456] via 1.1.10.1, 00:36:34, Serial1/0
; F& }# m# \$ T' p3 B& ?D EX 10.10.10.24/30 [170/2195456] via 1.1.10.1, 00:36:34, Serial1/0
2 G* L# |+ _$ l+ QD EX 10.10.10.16/30 [170/2195456] via 1.1.10.1, 00:36:34, Serial1/0
( `; j- Z. W' N1 [0 y4 U+ pD EX 10.10.10.20/30 [170/2195456] via 1.1.10.1, 00:36:34, Serial1/0
( ~. a5 f, F$ ?+ Q7 nD EX 10.10.10.32/30 [170/2195456] via 1.1.10.1, 00:36:34, Serial1/0' Y f& r* v, g
R15#ping 10.1.1.7
2 E1 o1 j4 i7 c8 W( ?Type escape sequence to abort.
& b- t& h E2 QSending 5, 100-byte ICMP Echos to 10.1.1.7, timeout is 2 seconds:
0 f4 t, Q9 q7 C# f; U) c.....# H' h* B0 W# V' B# [; R
Success rate is 0 percent (0/1)
: C0 k; q* j' S3 x6 z% ~( vR7#show ip route3 Q: D- q3 I V8 u: A" L; y I+ X0 E [
171.1.0.0/32 is subnetted, 1 subnets
7 Y/ d3 f, ?7 r4 ~- jO E2 171.1.1.1 [110/10000] via 10.10.10.25, 00:39:24, Ethernet0/36 J' G9 u4 F" u6 B3 b
171.2.0.0/32 is subnetted, 1 subnets% h) F8 e! V$ N' }) C
C 171.2.2.2 is directly connected, Loopback105 k h8 O# z+ f- z
10.0.0.0/8 is variably subnetted, 9 subnets, 2 masks
/ V; h1 t; a1 i3 |: t8 sC 10.10.10.8/30 is directly connected, Ethernet0/1* e) p! k; z) J/ r
O 10.1.1.8/32 [110/11] via 10.10.10.25, 00:39:34, Ethernet0/39 k2 J0 M) J7 V" h& D
C 10.10.10.0/30 is directly connected, Ethernet0/08 O8 D- |* ~4 I2 n& o2 p l0 o- T
C 10.1.1.7/32 is directly connected, Loopback0
) ?3 [! V5 I+ s9 T* lO IA 10.10.10.4/30 [110/20] via 10.10.10.25, 00:39:34, Ethernet0/3
4 V% `) a# ]0 AC 10.10.10.24/30 is directly connected, Ethernet0/3
$ z0 R5 b4 B n1 w; H/ EC 10.10.10.16/30 is directly connected, Ethernet0/2# T8 W! m4 l) O% c7 m" Z8 X
O 10.10.10.20/30 [110/20] via 10.10.10.25, 00:39:34, Ethernet0/35 q2 V* _" Z* Y0 \% n
O 10.10.10.32/30 [110/20] via 10.10.10.25, 00:39:34, Ethernet0/3
7 l9 I$ p' g. j, j% T0 X0 c \R7#
: S, }% l, P7 @4 H3 e//我们R15可以正常收到R7发过来的路由,但是R7无法收到R5发过来的路由,说明R6有发送PE信息给对端,但是R3没有发送自己的信息给R6。0 e* X, l2 e+ _# m' D' o
//所以我们假定问题是ip vrf对于对端的配置问题,因此要去PE上检查ip vrf是否配置正常。, A5 h- ^5 y1 D" s- {
R3#show run | be ip vrf1 @% m3 p0 X4 ~- Q
ip vrf site-b' o, g- n; f! f/ L. l
rd 20:10; S' Y) m8 `3 `3 c' i, _9 a
route-target export 20:10 //是否发送RD为20:10的路由信息出去
* x9 C; V4 f) n4 x% N( S route-target import 20:10 //是否对RD为20:10的路由信息感兴趣
; P- L. V* Z* z ^ route-target import 20:20 //是否对RD为20:20的路由信息感兴趣
5 f a8 R/ I2 k3 C% ER6#show run | be ip vrf
. W" Y' L8 p( k3 k4 \ip vrf site-b' Y0 b! L S* g# |2 ]6 E7 c0 ]
rd 20:20
3 {" T6 G' h% J- u route-target export 20:20+ P9 {" A! {9 A
route-target import 20:20" Q' u9 B( v. w" H+ B
route-target import 20:107 N% l0 x2 I# \
//这里可以了解到ip vrf 配置正常。
1 ]6 j; b5 ^* a) \/ \R3#show run | b r b
# y. Z' c5 G3 y8 f$ Hrouter bgp 35 S( M B1 C" B( W$ J3 r
bgp log-neighbor-changes
2 ~ D% ^% s# u neighbor 10.1.1.1 remote-as 3
& r: |8 Z% V, |2 Z# i+ }& }; k neighbor 10.1.1.1 update-source Loopback0; O% `$ m/ u: Y& r& J t
neighbor 10.1.1.2 remote-as 3
' E/ l- P( n" s0 c- y+ S neighbor 10.1.1.2 update-source Loopback0
1 Q1 A% t0 C% C/ |. h: @" D !* q0 @) j, s* g) C, P3 v" |! p
address-family ipv4
g" @" z2 h" j$ D# g4 {! { neighbor 10.1.1.1 activate
# U/ x. f- @; R neighbor 10.1.1.1 send-community/ |' y4 R8 P0 O- J* T1 O
neighbor 10.1.1.2 activate/ q1 k6 Y) D! k3 J6 l5 }$ N E
neighbor 10.1.1.2 send-community
' q/ K4 T% B% O( S& q7 N, z) e+ p. h no auto-summary$ O5 T5 ^% a$ r( m! n5 L5 o
no synchronization
: R3 h: P/ d0 T network 10.1.1.3 mask 255.255.255.255
$ r) e. [$ O. w2 } exit-address-family% \- _7 L, s4 g- d' N1 u4 ]+ a
!2 h) f6 ^# ?* l, Q2 u9 ~
address-family vpnv4
: W# z" s5 u, a& c ?( Z neighbor 10.1.1.1 activate! n# G; Z2 |% y7 K1 E% J4 i
neighbor 10.1.1.1 send-community extended0 F# k6 V, n8 X' H2 D- D
neighbor 10.1.1.2 activate
' }! \5 m/ e" y! j neighbor 10.1.1.2 send-community extended
, Z! [/ m/ A8 h6 c) c% t! @ exit-address-family
7 d! R0 x k3 t1 Z+ `1 X# v+ k !' U/ ]/ |, } f$ G, R
address-family ipv4 vrf site-b
8 S7 E, C% h+ L+ m no synchronization
4 i q4 Y: L A3 D/ y. M" b exit-address-family" b M/ L8 h2 ]
//从这里我们发现R3没有把IGP重发布到BGP的address-family中。, o! m. z0 t, n- a& x6 g* o5 H
R3(config)#router bgp 38 ~- O0 b! P( Y! r1 k
R3(config-router)#address-family ipv4 vrf site-b
+ L3 X# u) Q2 q! P1 K2 {R3(config-router-af)#redistribute eigrp 200 ( o5 ?& r, [3 B
R3(config-router-af)#
; S; u$ `8 ^# U- i" L$ @//如果不记得命令,可以参考其他PE设备的配置,比如:R6
$ g. N( `1 K, }( l5 g! RR6#show ip bgp vpnv4 all summ( o) U6 B S5 _" a, h! `" h
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd! T3 a! K) K3 c( ]* d
10.1.1.1 4 3 78 85 29 0 0 01:04:51 3$ w# M% V, [8 F7 H' K# S
10.1.1.2 4 3 106 97 29 0 0 00:06:05 3
: W* k2 x z/ U6 }7 ?' ?R6#% d2 }. _- [3 b! D. k
//R6与R3成功建立了VRF连接,并且开始接收数据。2 R5 m- u7 g3 ]% u+ C
R7#show ip route& f& b; m- {/ C. _
1.0.0.0/30 is subnetted, 1 subnets7 J3 `" ^9 L2 _0 f
O E1 1.1.10.0 [110/20] via 10.10.10.1, 00:04:01, Ethernet0/0
/ H) u, G( n# `; L0 h1 R& l# O8 m/ W 171.1.0.0/32 is subnetted, 1 subnets
5 U0 i# l; m: u+ SO E1 171.1.1.1 [110/20] via 10.10.10.1, 00:04:01, Ethernet0/0" O% C( N& i3 C% K
171.2.0.0/32 is subnetted, 1 subnets
9 K# m w% ^, W5 @2 iC 171.2.2.2 is directly connected, Loopback10
! T/ V# @" z! V1 P' r" n0 C: [2 n 10.0.0.0/8 is variably subnetted, 10 subnets, 2 masks
, h3 a, H: C2 r7 I: qC 10.10.10.8/30 is directly connected, Ethernet0/1* |) p: R2 [! q; G( {. Y
O 10.1.1.8/32 [110/11] via 10.10.10.25, 01:08:07, Ethernet0/3
7 @/ s0 s7 y ]3 ]9 P. d" [/ GO E1 10.1.1.15/32 [110/20] via 10.10.10.1, 00:04:01, Ethernet0/0% x' ~. a5 P% K
C 10.10.10.0/30 is directly connected, Ethernet0/0
$ Z* A: [1 v- r! c4 c) FC 10.1.1.7/32 is directly connected, Loopback07 n% v8 l1 T' t; b. [# b
O IA 10.10.10.4/30 [110/20] via 10.10.10.25, 01:08:07, Ethernet0/36 b8 h4 }; N2 V1 Q4 p1 }
C 10.10.10.24/30 is directly connected, Ethernet0/3
0 `/ c/ c. S9 F/ z _) |% Y RC 10.10.10.16/30 is directly connected, Ethernet0/2
7 j2 j! g4 {1 nO 10.10.10.20/30 [110/20] via 10.10.10.25, 01:08:08, Ethernet0/3
, E+ v: w2 O9 o1 OO 10.10.10.32/30 [110/20] via 10.10.10.25, 01:08:08, Ethernet0/3
' c% B& }6 G* eR7#ping 10.1.1.15* a8 i8 `: ~* U
Type escape sequence to abort.
0 N& q( j: ]- w, nSending 5, 100-byte ICMP Echos to 10.1.1.15, timeout is 2 seconds:5 G4 D- M4 {5 ~% \+ j! Z4 ~3 ]4 }
!!!!!$ T# d \- e4 g. K; {
Success rate is 100 percent (5/5), round-trip min/avg/max = 28/71/124 ms, N3 P3 I( j* w% x$ f7 v6 S+ `
R7#
/ _/ T$ Z8 a8 u+ A1 \4.CE R20 Loopback0 and CE R8 Loopback0 , there are can NOT ping each other’s.8 C5 E0 y1 _& n* y7 H7 l* {9 ?
//如第三题,同样是先检查直连链路是否连通。 S% d% b# M8 O. w. w/ B
R20#show ip int br/ U) e; F7 ~ B, u5 E
Interface IP-Address OK? Method Status Protocol
7 c/ C* S. @2 A6 ^, B" y3 \Serial0/0 172.29.7.2 YES NVRAM up up 9 E! d1 H. y: ?& L( ]$ h
//查看R20和R4之间运行协议是哪个。
; E1 B0 t* {- i3 @R20#show ip pro3 y2 q+ O; R4 o9 [, z8 ?3 M+ G. ]
Routing Protocol is "ospf 100"
8 H4 e3 m4 x- B* X: SR20#show ip ospf nei
, m: Y6 E0 a( }6 w8 w ^9 pNeighbor ID Pri State Dead Time Address Interface
; c5 S, F9 D% [& e7 C4.4.4.4 0 FULL/ - - 172.29.7.1 OSPF_VL0- H5 E5 g- c3 _: t$ r ~
4.4.4.4 0 FULL/ - 00:00:33 172.29.7.1 Serial0/0
# T7 D& w! R& U" h4 I% t" h% dR20#! H+ t0 c0 T' X% z3 v
//可见,R20和R4的OSPF是FULL状态,并且是通过OSPF虚链路连接的。
% t' Y9 }: \5 ~3 C: ^/ u# |//还记得第三题上面,我们发现的问题吗?R3在show ip bgp 表里面没有发现R4的BGP路由。
3 S5 ~' c/ _* y- pR4#show run | b r b
' I2 B+ q, A: p2 G! wrouter bgp 3
" _# H L1 |* g no synchronization3 l" l- c5 S8 p }
bgp log-neighbor-changes! R5 b" D2 Z- H
neighbor 10.1.1.1 remote-as 30 x* J; ?, O: A8 }5 J
neighbor 10.1.1.2 remote-as 3
$ U. t6 e/ J% `1 E no auto-summary6 O0 K( c$ |& G2 Z8 z4 p
!* M* R. U1 }5 U7 Y4 R/ Q O
address-family ipv4 vrf site-a
( f! h1 @1 }2 H6 w. w7 e redistribute ospf 101 vrf site-a0 {& x8 ~- d. N! C+ Y# x
no synchronization
8 U7 D$ C/ }+ _& ~) d* q/ A- m exit-address-family
1 c8 r4 r9 a) D3 [//可见,R4的bgp信息非常少;在此,我们把它补全,如果不记得命令,可以参考其他的PE设备。6 M+ ~. T- U8 T3 j, p- O" S
R4(config)#3 r ?, t% x, @
router bgp 3& o3 W$ x- S7 m. r( h+ x2 O2 k' L3 M& x
bgp log-neighbor-changes3 X5 @% M0 P0 }0 z
neighbor 10.1.1.1 remote-as 3
! f3 @* N3 v5 I" J; O2 V1 | neighbor 10.1.1.1 update-source Loopback0" v( p7 U4 F& C# w7 X
neighbor 10.1.1.2 remote-as 3
) G3 W0 V {$ p' k' a neighbor 10.1.1.2 update-source Loopback06 Z- L* I% p) L3 e) A, W- m
R4(config-router)#address-family ipv4
8 y% l. S" N+ m1 {4 ^' F/ uR4(config-router-af)#neighbor 10.1.1.1 activate; Q7 j/ q$ s3 K
R4(config-router-af)#neighbor 10.1.1.1 send-community& n" w3 o/ @. ^4 N H
R4(config-router-af)#neighbor 10.1.1.2 activate
x9 ^1 `; \, P% wR4(config-router-af)#neighbor 10.1.1.2 send-community
0 f( `2 u4 ^$ a+ m7 T1 M1 L& }) k( I*Mar 1 00:31:14.799: %BGP-5-ADJCHANGE: neighbor 10.1.1.1 Up' e: p, l0 Y) c: ? z i3 A
*Mar 1 00:31:16.255: %BGP-5-ADJCHANGE: neighbor 10.1.1.2 Up
) q' d" d) G8 E" n* ~# n//输入完以上信息后,发现R4和R1的BGP邻居已经建立。 _, ~; ?5 w- h
//因为VPNV4的命令还没有补全,所以R1还是无法和R4建立MP-BGP邻居。
9 x; A/ L7 w* W+ c& FR1#show ip bgp
# Y, K& ~9 V% W/ _; w0 s- @BGP table version is 13, local router ID is 10.1.1.1$ _+ }* `3 @0 U; A: |0 M: u5 k
Network Next Hop Metric LocPrf Weight Path- n# w$ Y. U$ g( K3 E- w) [* e
*> 10.1.1.1/32 0.0.0.0 0 32768 i
2 W0 G# U9 M h" Z# Gr>i10.1.1.3/32 10.1.1.3 0 100 0 i! o, B6 p8 C+ H- h; m# `5 v3 i
r>i10.1.1.4/32 10.1.1.4 0 100 0 i/ I9 V6 d* l/ Y# m
r>i10.1.1.5/32 10.1.1.5 0 100 0 i* U& ~0 a$ F7 [' ]; o
r>i10.1.1.6/32 10.1.1.6 0 100 0 i# J9 Y3 h9 q7 A3 l9 s
R1#show ip bgp summ
) J( p1 k8 Y. B3 y, @; s* yNeighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd8 Q) M, ^3 e- D2 C
10.1.1.3 4 3 38 53 13 0 0 00:30:55 1
, g1 x3 z1 [ C6 V4 v% ]$ ~10.1.1.4 4 3 35 34 13 0 0 00:00:56 1/ c# P" ~- Y* u. u5 q
10.1.1.5 4 3 50 53 13 0 0 00:30:47 1
& X+ M W. ?% ?* \10.1.1.6 4 3 51 44 13 0 0 00:30:55 1
# F/ @! Z5 @8 R8 SR1#show ip bgp vpnv4 all summ6 V! L _3 }: l* D1 q# Q! J9 m
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd& ?$ j6 [9 P! m: D/ u" e
10.1.1.3 4 3 40 55 27 0 0 00:32:07 3+ A) {) P# Q0 s0 `" o: f
10.1.1.4 4 3 37 36 0 0 0 00:02:08 (NoNeg)
! F' h6 `1 c$ e+ U5 V& a# _7 u( t10.1.1.5 4 3 51 54 27 0 0 00:31:59 111 L9 y! `6 c9 x, u* H/ ?( b
10.1.1.6 4 3 53 46 27 0 0 00:32:07 100 C3 z5 N- G2 b3 J, {
R1#9 w2 \: ~% @9 @# [! D. Y3 W4 v
R1#show mpls ldp nei
0 F, R$ D+ w8 O& {) a6 u# Z1 L7 o Peer LDP Ident: 10.1.1.5:0; Local LDP Ident 10.1.1.1:0; u. A' m; }5 X5 X! ~2 I
TCP connection: 10.1.1.5.32048 - 10.1.1.1.646
7 T/ P# j9 L4 w6 m$ r# _ State: Oper; Msgs sent/rcvd: 76/76; Downstream M. r; a. g' d6 F5 t- [# ]$ _
Up time: 00:51:16
, R# b0 F- ? H5 P: O: y3 _ LDP discovery sources:9 x# A" |8 |5 g' B" W# @
Ethernet0/0, Src IP addr: 172.14.8.180 Y. f1 {' j& m% Y8 l8 L
Addresses bound to peer LDP Ident:+ x) `) `8 _1 ?" }
172.14.8.18 10.1.1.5 172.14.8.22
$ }% f5 `; k; z7 p- p" Z7 s Peer LDP Ident: 10.1.1.3:0; Local LDP Ident 10.1.1.1:0) x6 z6 v" g8 Z8 V
TCP connection: 10.1.1.3.52528 - 10.1.1.1.646) S# u$ M& K/ }9 _
State: Oper; Msgs sent/rcvd: 71/72; Downstream" t- K% B8 S9 D
Up time: 00:47:56
# q5 [' f8 ?( x6 E LDP discovery sources:
( C) S& U- K" L Ethernet0/2, Src IP addr: 172.14.8.6
' X! a3 @1 {& x+ Q9 O; X9 Q6 C5 L/ } Addresses bound to peer LDP Ident:
/ a. E R, ~1 ]+ S 172.14.8.34 10.1.1.3 172.14.8.6) ^% `5 z$ W$ M4 `/ k8 C1 ~
Peer LDP Ident: 10.1.1.6:0; Local LDP Ident 10.1.1.1:07 j2 r% f' I3 H- a% Y: N+ T5 \; K) N
TCP connection: 10.1.1.6.61959 - 10.1.1.1.646
7 s! J- A: @7 M# V State: Oper; Msgs sent/rcvd: 71/72; Downstream
6 z( X% v; X) S: L; r7 r. G6 l Up time: 00:47:55
0 W3 u) q' A- O9 E LDP discovery sources:
' a- p% Q$ u0 g. R Ethernet0/3, Src IP addr: 172.14.8.14- G* n$ Z3 C# g% j7 j
Addresses bound to peer LDP Ident:/ B" n5 P: S8 |4 F3 j. c
172.14.8.26 172.14.8.14 10.1.1.64 M4 Y8 @5 ]; O+ P
R1#
) W9 ^& s/ f* n3 H+ V9 ER4(config-router)#address-family vpnv4. f9 J* C: _1 i5 ?5 `% ]
R4(config-router-af)#neighbor 10.1.1.1 activate* Q M, h7 E- R2 X
R4(config-router-af)#neighbor 10.1.1.1 send-community7 d+ _* {, U/ ~% ^+ h' _1 R7 }8 _) D
*Mar 1 00:35:11.695: %BGP-5-ADJCHANGE: neighbor 10.1.1.1 Down Address family activated" b" U3 X& G6 F% X% v) E+ u) d- O
*Mar 1 00:35:13.955: %BGP-5-ADJCHANGE: neighbor 10.1.1.1 Up) A" q9 f+ l& m9 ^+ t
R4(config-router-af)#neighbor 10.1.1.2 activate
: U& P1 @! N& wR4(config-router-af)#neighbor 10.1.1.2 send-community5 ~- U2 ^) s9 F! \
*Mar 1 00:35:52.895: %BGP-5-ADJCHANGE: neighbor 10.1.1.2 Down Address family activated1 E0 H$ M! W0 e3 b' r
*Mar 1 00:35:55.167: %BGP-5-ADJCHANGE: neighbor 10.1.1.2 Up8 C/ `$ p+ X& |& O9 p, v
R1#show ip bgp vpnv4 all summ
/ D9 @ u; _7 fNeighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
! e: c* i. n! ?/ g8 E& T& Z! k; o) J2 b10.1.1.3 4 3 43 62 33 0 0 00:35:17 3
, ^1 Z2 @ W( G- `0 y r: B4 `- i10.1.1.4 4 3 48 63 33 0 0 00:01:18 6
# E. j. r6 \/ i10.1.1.5 4 3 56 62 33 0 0 00:35:08 11
- o* x) h- `! y. E10.1.1.6 4 3 56 53 33 0 0 00:35:16 10
1 y% J0 B7 ]4 h0 u" \R1#
0 O. P0 V$ \8 d3 x$ n//R4和R1的MP-GBP邻居也已经成功建立。1 O4 L, c% ?/ y6 h
//R1是P设备应该有4个PE设备的对端,而且从RID地址可以了解到R4没有在R1的MPLS表中,这个是上面出现的第二个问题。
' d M: T }% h( g//然后就开始补全MPLS VPN的命令,在补全之前,先查看R4的VRF名字是什么。) R( T% U9 y3 T) L }+ z( n4 x4 V
R4(config-router)#do show ip vrf. Z5 h) @7 t) _, m; W; v6 a, g
Name Default RD Interfaces
3 g `5 z4 d7 \3 Z5 y( m site-a 10:20 Se1/0+ y% L* R- O: }7 P$ n
R4(config-router)#: ~+ {% }# k/ r3 `& c
R4(config-router)#address-family ipv4 vrf site-a
! n/ V! u- C7 Q4 RR4(config-router-af)#redistribute ospf 101 vrf site-a match internal external 1 external 2: v3 t, B$ z, I/ H. N
R4(config-router-af)#exit
7 h; d9 C8 I% c% U' g- a2 ]1 d//命令补全后,检查IP VRF的RT是否配置正确。
% A( ^$ B( t+ F% E) d# p$ WR4#show run | be ip vrf9 {6 W, p5 M( ?: S- R
ip vrf site-a3 k3 X" |$ @! r5 |+ ~' ~/ x
rd 10:20
5 P+ u6 b- a- N: n$ q J, I route-target export 10:20
$ x% H# p' U/ ^7 y; [9 H3 B route-target import 10:207 E' v. r4 } V# \& W3 h
!
; c S' U# S; {% W7 h!
& |2 y5 P) {6 J a2 m6 i( K: pipv6 unicast-routing) l- ?3 O2 F! x. ]) @7 b. b# @: U
mpls label protocol tdp
/ m9 B4 P- X/ F4 Z- {1 A! b//R4的VRF目前只对自己的信息会进行接收和转发,我们应该增加对R5的数据感兴趣。* p# h: N& H, A9 h# [, t) C
R5#show run | be site-a6 g* z3 U3 M5 f! H! r/ s
ip vrf site-a9 |5 @) ^! o V B+ L
rd 10:10
, _0 ?) `9 V% F route-target export 10:10
9 _- L) w6 ^- S# }3 X& O route-target import 10:10; i* N# Z& V, s
route-target import 10:208 ]/ r5 W% ]9 J# }3 I1 a6 c5 x
R4(config)#ip vrf site-a# K# Q2 ~1 {5 z
R4(config-vrf)#route-target import 10:10, y0 K! c! ?1 j/ B, N
//完成后,分别去R20和R8上面查看是否存在对方路由,并且进行测试。' \. w. r: M0 @' f
R20#show ip route
' T& c% x9 c# c 171.1.0.0/32 is subnetted, 1 subnets6 ^+ B! L8 z, f
O E2 171.1.1.1 [110/10000] via 172.29.7.1, 00:01:10, Serial0/0. l1 S- X" C/ n ^& @& B. Q! p2 K
171.2.0.0/32 is subnetted, 1 subnets |3 r% i8 u* n
C 171.2.2.2 is directly connected, Loopback16 N' h& N0 Q3 A9 z4 _: _1 J5 u
200.20.20.0/32 is subnetted, 1 subnets
# k' m, s ]* ^$ |7 [C 200.20.20.20 is directly connected, Loopback10
- S, x; M9 h" L% h: @ 172.14.0.0/30 is subnetted, 1 subnets! i2 T& E: K" p- a# M
C 172.14.9.0 is directly connected, Ethernet1/1
6 B, ^3 p4 W& E4 S2 _, q9 }5 i 172.29.0.0/30 is subnetted, 2 subnets
, S7 @! w, c0 r tC 172.29.7.4 is directly connected, Ethernet1/0
4 e7 t! H9 x2 K7 P% ^1 ~C 172.29.7.0 is directly connected, Serial0/0
; \9 F' J' o+ w3 I2 d. h( ~ 10.0.0.0/8 is variably subnetted, 10 subnets, 2 masks$ S6 f9 I' Y1 ?2 r# Q' G5 k
O IA 10.10.10.8/30 [110/94] via 172.29.7.1, 00:01:15, Serial0/0* Y0 [8 a( N) y( V5 _
O IA 10.1.1.8/32 [110/75] via 172.29.7.1, 00:01:16, Serial0/0
: ?# @5 m* W6 V' vO IA 10.10.10.0/30 [110/94] via 172.29.7.1, 00:01:16, Serial0/0% H5 X! P' N1 N$ b: m
O IA 10.1.1.7/32 [110/85] via 172.29.7.1, 00:01:16, Serial0/0
4 R$ O# x$ Y( Y1 t2 n; DO IA 10.10.10.4/30 [110/65] via 172.29.7.1, 00:01:16, Serial0/0- X( J u ^+ j& U0 g9 Z$ `
O IA 10.10.10.24/30 [110/84] via 172.29.7.1, 00:01:16, Serial0/0
4 _/ V3 H5 @+ v, b# [' GO IA 10.10.10.16/30 [110/94] via 172.29.7.1, 00:01:16, Serial0/05 }) v: s: J' k- g2 l
O IA 10.10.10.20/30 [110/84] via 172.29.7.1, 00:01:16, Serial0/00 A3 Z, o. a- k' ?4 |7 G/ w2 l
C 10.1.1.20/32 is directly connected, Loopback00 y) F) ^3 h. t8 s
O IA 10.10.10.32/30 [110/84] via 172.29.7.1, 00:01:16, Serial0/0' z3 g) C# B5 }. m8 B2 N
R20#ping 10.1.1.8; g) u' ?; M0 I+ n
Type escape sequence to abort.) A h- L9 i% ]1 H8 }/ a3 D) p3 a
Sending 5, 100-byte ICMP Echos to 10.1.1.8, timeout is 2 seconds:/ C# V" @! `; V1 K
.....
, G& U. u0 m$ t5 F" {7 NSuccess rate is 0 percent (0/5)
! W, X, d+ i4 y) cR20#
0 d F8 e7 F- HR8#show ip route
0 L6 G }+ m3 w. b/ d 1.0.0.0/30 is subnetted, 1 subnets
( v" G+ A3 w; A' X1 i2 T, }O E1 1.1.10.0 [110/30] via 10.10.10.26, 00:10:36, Ethernet0/3
1 q9 Z8 a7 q* H4 O x' Q: I; j' m2 | 171.1.0.0/32 is subnetted, 1 subnets
' P2 `5 R6 [/ {7 ?" r9 b/ g0 t& \) W/ pC 171.1.1.1 is directly connected, Loopback1, Q0 i, G7 ^$ u9 n% y
171.2.0.0/32 is subnetted, 1 subnets# _3 V2 I3 c; ~6 U
O E2 171.2.2.2 [110/20] via 10.10.10.26, 00:10:36, Ethernet0/3
: a3 ^, @- |, \4 u, X8 o! x 200.20.20.0/32 is subnetted, 1 subnets
& k# t4 a, j/ D% ~" LO IA 200.20.20.20 [110/20] via 10.10.10.5, 00:10:41, Ethernet0/2. I. X- d% h' O) ^* r
172.14.0.0/30 is subnetted, 1 subnets4 a: s- D* a# j2 t# d$ ^
O IA 172.14.9.0 [110/20] via 10.10.10.5, 00:10:41, Ethernet0/2
8 u; H! X+ u, M2 H 172.29.0.0/30 is subnetted, 2 subnets
/ u3 _' n9 Z: a7 V8 ^; G$ ~O IA 172.29.7.4 [110/20] via 10.10.10.5, 00:10:41, Ethernet0/20 M2 ]7 M" i0 k
O IA 172.29.7.0 [110/20] via 10.10.10.5, 00:10:41, Ethernet0/2! h2 _- }9 A3 M
10.0.0.0/8 is variably subnetted, 11 subnets, 2 masks
! I, o6 I6 {+ F. fO 10.10.10.8/30 [110/20] via 10.10.10.26, 00:44:38, Ethernet0/3( ~) g8 ?1 ]. y6 `
C 10.1.1.8/32 is directly connected, Loopback08 K! V- J+ \& |
O E1 10.1.1.15/32 [110/30] via 10.10.10.26, 00:10:37, Ethernet0/36 R# h/ w- P5 [' u
O IA 10.10.10.0/30 [110/20] via 10.10.10.26, 00:44:38, Ethernet0/3
0 ~$ B+ B8 x3 h, }5 z5 _O 10.1.1.7/32 [110/11] via 10.10.10.26, 00:44:38, Ethernet0/3% p; K- A; b$ R
C 10.10.10.4/30 is directly connected, Ethernet0/2 L1 @ {& A- }6 O
C 10.10.10.24/30 is directly connected, Ethernet0/3" x- W' a1 L; }% S
O 10.10.10.16/30 [110/20] via 10.10.10.26, 00:44:38, Ethernet0/3) I! ~0 ]6 y. i; E- J( e6 O H
C 10.10.10.20/30 is directly connected, Ethernet0/1
' H* `) k" O6 tO IA 10.1.1.20/32 [110/20] via 10.10.10.5, 00:10:42, Ethernet0/29 I! W; A. f4 I2 e+ H
C 10.10.10.32/30 is directly connected, Ethernet0/0
, O' W/ Q, v+ S6 aR8#ping 10.1.1.20( j6 J# [6 C+ E8 S
Type escape sequence to abort.
( E3 R2 c) `3 I2 g5 @6 P2 w, QSending 5, 100-byte ICMP Echos to 10.1.1.20, timeout is 2 seconds:% d& q0 F( X i% ~" u t' w. C
.....& {- f3 U5 x7 ?- L5 X7 t7 h. l
Success rate is 0 percent (0/5)
; t6 o- x9 |" x+ W& cR8#
. y7 B7 z4 g% ~+ J$ W0 g/ o//为什么两边的CE设备都已经存在了对方的路由,但是却无法ping通呢?- d, f4 G8 L$ z6 _2 y7 Q T
//如果细心的朋友应该留意到我刚刚show的一段命令:mpls label protocol tdp
3 q& O, V+ s! T# |! C! l//这句命令我相信大家都明白,是MPLS的协议类型不匹配,导致无法通信的7 G4 [* }) p2 {; m6 Y5 N
R4(config)#mpls label protocol ldp1 c/ e$ ?9 {$ g: I
R4(config)#4 l9 \% R' F. y4 o2 ?( Y: q8 B
*Mar 1 00:58:17.463: %LDP-5-NBRCHG: LDP Neighbor 10.1.1.2:0 (1) is UP
: b2 D& f$ D% [( I2 t9 a0 T# R*Mar 1 00:58:18.835: %LDP-5-NBRCHG: LDP Neighbor 10.1.1.1:0 (2) is UP4 k+ A$ D9 f: O3 t
//这时,R4与R1和R2的MPLS 也成功建立起来了,我们再测试一次。
- n* N6 g) ?& B+ a+ e: _. w) i0 N( p% {R20#ping 10.1.1.8
( K) h \4 q8 S( }. i- |Type escape sequence to abort.
5 {3 G* u$ [9 X; X+ ySending 5, 100-byte ICMP Echos to 10.1.1.8, timeout is 2 seconds:( S# C$ Y9 n, a5 m1 ]
!!!!!/ `$ S' m/ m! p
Success rate is 100 percent (5/5), round-trip min/avg/max = 88/122/184 ms+ J" ] b; v e2 p
R20#+ q% ~- H& Q4 ~) i
R8#ping 10.1.1.201 p: Y2 Z$ ^7 W
Type escape sequence to abort.
; n+ l) t6 K1 x9 D1 ~; ~ ?% FSending 5, 100-byte ICMP Echos to 10.1.1.20, timeout is 2 seconds:
5 R7 K# \' A( a; Z+ b!!!!!
2 d3 |; s' h7 c. ^; kSuccess rate is 100 percent (5/5), round-trip min/avg/max = 84/128/156 ms# Q7 {3 [; |5 I- s8 H" V. r
R8#% ^/ p$ C3 f2 I
5.IPv6 R8 can NOT ping R4 loopback200 CC1E:1000:100::100, fix it.
$ N, w5 p4 K6 _: O+ g* D iR4(config-if)#do show ipv6 route) J, i$ V7 \2 U& q5 e
IPv6 Routing Table - 10 entries
# V" C) U: j7 E9 _4 n" @: { q, wC 12::/64 [0/0]
) }6 k q9 z: R _0 z7 I via ::, Serial1/0
& B# o2 V; r! I# Y2 vL 12::2/128 [0/0]
6 e$ e* E6 @* ~* t2 b; L via ::, Serial1/0
* d! f/ M6 H6 KC 13::/64 [0/0]
9 z" p; o$ P1 R/ q; r1 Z# c9 U via ::, Ethernet0/1
- ]7 O- e/ k# lL 13::1/128 [0/0]
# d: P( I; v, ^( _) Y7 z$ G) t% [; z; J via ::, Ethernet0/1# @6 u' M& ?5 v2 U: @
C 14::/64 [0/0]
0 ^/ i9 A# Z; d+ J6 z via ::, Ethernet0/2* X5 U6 T% `' y# X. a9 C
L 14::1/128 [0/0]1 n7 ]0 [1 @2 {- ^2 K1 a1 s6 j E
via ::, Ethernet0/2
. d Z# p- d4 d/ ^# T0 O3 IC CC1E:1000:100::/64 [0/0]
Y3 l# X/ c, N- Y$ i$ C8 B via ::, Loopback200
$ I/ `+ V- t. i6 f6 t& GL CC1E:1000:100::100/128 [0/0]5 T; @& B5 l0 G4 R0 h
via ::, Loopback2002 Z9 e: E9 M( s* L M! {
L FE80::/10 [0/0]
, x$ k9 q2 c& C2 C via ::, Null0; X% n' i1 _; x; u# I- N
L FF00::/8 [0/0]
% s3 i+ I3 a8 [# a* B" d5 ]% z( y+ R$ w via ::, Null0
) @+ M: f/ Y" a/ t: S( A//只有直连路由和本地路由,查看R4是否加入到IPV6的协议中。6 P; u) ?- _9 L9 m& g
R4(config-if)#do show ipv6 pro
, M% @; h( o) h4 m* }, F- H$ RIPv6 Routing Protocol is "connected"
' T* E9 J9 n0 U2 I5 zIPv6 Routing Protocol is "static"
) r5 X: V" ?! C4 b( zIPv6 Routing Protocol is "ospf 11"9 J8 Z; |$ v, I" y1 b7 Z
Interfaces (Area 0):+ k$ \+ A! p: r3 r- X/ L
Serial1/07 E o% e# T0 I1 h5 U& U
Ethernet0/2& N) D/ g0 j1 Z; _7 O0 P* S9 L
Redistribution:9 ~/ \5 X; i1 F3 G g. o! \
None
0 M7 F& G5 [% y$ O5 ?" jIPv6 Routing Protocol is "bgp 3"7 M1 t$ R2 A% b: t p3 R
IGP synchronization is disabled o* V/ Z7 v& d: u
Redistribution:* h- V! w, X. ?5 m% G/ f9 D" h! |/ E
None
1 |$ I! B, v. H- hIPv6 Routing Protocol is "bgp multicast"
$ z; I, h) f" C- v& t0 B2 w8 n IGP synchronization is disabled
$ [3 H: G, O& a Redistribution:4 x+ x1 h8 W; e6 t8 S1 ^6 D
None( r5 Q9 P' A- J7 D" @$ C) E0 ?
R4(config-if)#
: K2 Q( ~; ~, `* b6 b( _//IPv6运行了OSPF 11,并且在端口E0/2发布进了OSPF; H# j; L2 ]& E$ R, p
R4(config-if)#do show run int e0/2. q( [* l$ q1 n' n: U
interface Ethernet0/2
! o' m& N, s8 y1 d* c. Q( J1 @' x ip address 172.14.8.30 255.255.255.252
V8 d5 [ n+ n1 ?# U% R ip ospf message-digest-key 1 md5 cisco
! c8 y6 q) w# B2 _; A+ H half-duplex; X# ?8 \$ x* ~: i4 m/ A# n1 j- J# [
ipv6 address 14::1/649 N1 Y# B0 l) h6 j( O8 m0 _/ P
ipv6 ospf 11 area 04 T3 J' Z1 x+ i+ n
mpls ip9 U8 D3 u% r( A
end
2 Z" O) u: [% B//沿路查看所有的IPV6信息
) S- e1 d9 ]' R2 w& mR1#show run int e0/1
: g- R7 ^% f5 x6 X ipv6 address 13::2/64; \7 ^( ~4 v# _9 n
end
C4 {9 u9 E6 M! ~5 h) bR2#show run int e0/2
# p, X1 a: X0 i' i! B ipv6 address 14::2/64
H' g# w R3 s8 n# q) n! f# Nend' ]* U+ x) s P3 d5 B, l9 o
//R1和R2的IPv6端口信息
2 n+ k3 | x+ j1 M- pR1(config)#ipv6 unicast-routing8 _' g; q0 t, V4 C s4 q4 X
R1(config)#int e0/1
+ m) ^$ c6 }. W0 ]: ~7 S1 d7 pR1(config-if)#ipv6 ospf 11 area 0. [ c* }2 n7 c. _/ @* v
R1(config-if)#
" f, |0 `; b$ ^3 D: ?4 J) sR2(config)#ipv6 unicast-routing2 w3 T4 E) P6 L1 S$ f
R2(config)#int e0/2. h- t; U! F0 x a i" t% j
R2(config-if)#ipv6 ospf 11 area 0
% @. ~% l- o& x6 u5 jR2(config-if)#
6 E& P" A; J( [8 S5 b3 a*Mar 1 01:21:47.119: %OSPFv3-5-ADJCHG: Process 11, Nbr 172.1.1.4 on Ethernet0/2 from LOADING to FULL, Loading Done
) N( w7 w, t ^3 L, O//在接口简单的配置完IPv6OSPF命令后,R2和R4建立了OSPFv3邻居,但是R1没有和R4建立OSPFv3邻居。
2 n: r& ]+ e# ?0 g- ?! Z//去连接R1的R4e0/1接口上看看。
' ?- n$ |( l% C, sR4(config)#do show run int e0/1/ k: j" k4 {7 x; Q% f% X1 @# J1 d. z
interface Ethernet0/1
$ v/ L& t- d6 O/ m ip address 172.14.8.10 255.255.255.252* J) ~# z4 w) B% W ]# w/ } Z
ip ospf message-digest-key 1 md5 cisco
0 Z& N C# f6 ~, f( p7 S* d2 F half-duplex, K1 W4 j. p0 |
ipv6 address 13::1/64
& d3 \' h/ \6 S# f. V8 Q4 s+ R mpls ip5 s0 K1 _; ?" a2 D
//R4的e0/1也漏打了命令,补充完整。
; Y. i$ N9 s- T/ H% ~6 E9 RR4(config-if)#int e0/1
- y4 T2 u! t% Q. x; ^( DR4(config-if)#ipv6 ospf 11 area 0# h% T: z" s+ ~9 q0 }2 x: n1 g* w% |
R4(config-if)#3 T* y: a5 {+ v
*Mar 1 01:28:25.979: %OSPFv3-5-ADJCHG: Process 11, Nbr 10.1.1.1 on Ethernet0/1 from LOADING to FULL, Loading Done
2 z- u) T9 m3 Y* ^9 B7 d5 H- `8 V//继续往下一段链路检查
; f- v9 K6 b! K4 {/ N+ f' K! wR1#show run inte0/00 t& N: i1 F( d+ q4 L) e
ipv6 address 15::1/645 a2 A1 n- T7 Z8 [ o6 d- X G
ipv6 ospf 11 area 1
5 o1 [ d* Z' A1 p mpls ip
! u; x4 L1 U6 Xend
5 \% O% {) m- h$ \' @- D7 fR2#show run int e0/3! X( ?# B. q- W2 h0 i
ipv6 address 16::1/64
2 k D* n% h, G/ u/ pend* B1 p! k4 R: w" u) r
//参考R1,并把R2的e0/3接口命令补充完整。
1 d" [$ y. C( L/ w4 o" d" AR5#show run int e0/0, ?+ T" }, d1 f6 p* |! d) ^& C
ipv6 address 15::2/64
8 N, {1 K' G3 p6 p- V+ g4 u4 i+ M ipv6 ospf 11 area 1
4 {2 J- u, X) `0 d( [ mpls ip9 g }" C& J1 W0 W) u5 [" a! ~
end
( Z9 R% i+ p: u. k% @* v" uR5#show run int e0/3
; P' j+ Q$ s6 o' O I: Q \% b, J; U) _ ipv6 address 16::2/64
! Z$ A! ?% v8 G+ y9 Q8 |( j8 h mpls ip
2 H4 C/ [% c+ q5 Z2 r1 O# ^8 t3 c% jend' M# Z! I, j4 D' t5 ]3 U
R5(config)#int e0/3
+ G- a8 }3 q$ k5 Y9 t. yR5(config-if)#ipv6 ospf 11 area 1$ Q' Z. B5 J3 G) Q$ G4 t/ q
R5(config-if)#
2 r) c! x4 F% @2 `, }*Mar 1 01:33:05.923: %OSPFv3-5-ADJCHG: Process 11, Nbr 10.1.1.2 on Ethernet0/3 from LOADING to FULL, Loading Done( ~) n% J+ y l# Y% [
R5(config-if)#do show run int e0/25 K% k T- m7 j8 ?- c( E
ipv6 address 17::1/64
$ c! K) `& G5 ?1 n& r* S7 m7 x ipv6 ospf 11 area 1
5 r3 O* I* ~9 h9 ]8 qend+ L3 G4 W% v1 R" \0 P. n; d: s
//R5同上+ f! s7 g5 N% L& \
R8#show run int e0/23 q$ C, h0 S, g$ {
ipv6 address 17::2/649 a# p/ i& P) g, Q, U$ m* a
ipv6 ospf 11 area 1
- h5 r3 J+ k& g. R- v. S* }- gend) B+ o v5 e4 j; }' R c
//当查看完R8的端口后,发现基本命令都补充完整。接下来查看是否有收到IPv6路由。 U/ n# e# L4 v- {6 I2 z
R8#show ipv6 route
, L8 G8 P1 Q/ K1 }IPv6 Routing Table - 9 entries
5 Q2 n* Y8 e. l9 mOI 12::/64 [110/94]! D( B$ j4 S0 {( l/ H& }$ Q5 P7 U$ M
via FE80::CE0C FF:FEA8:2, Ethernet0/2
! b" U) {! b' u: l+ V* B; g2 qOI 13::/64 [110/30]: ~( z) j/ u5 O% D4 }0 D9 U3 ?
via FE80::CE0CFF:FEA8:2, Ethernet0/2
3 ]# ~; I, U# T% o8 u( jOI 14::/64 [110/30]
* Q2 J8 ^7 d: H8 F8 y; H P via FE80::CE0CFF:FEA8:2, Ethernet0/2
6 F, f( I* c5 x YO 15::/64 [110/20]( ` [+ g% F n1 }, W8 w6 N# u
via FE80::CE0CFF:FEA8:2, Ethernet0/2
. B, z& Z2 c# Q9 `, S8 p: ]8 lO 16::/64 [110/20]; d0 _4 ^& E5 y2 b: K( O
via FE80::CE0CFF:FEA8:2, Ethernet0/2
, a% @7 }% e6 V( F1 t: NC 17::/64 [0/0]
2 w! a' e ^- ^" h via ::, Ethernet0/2
) v9 h! k& c. x# D' \& f. oL 17::2/128 [0/0]
+ v$ I8 {% Y! H via ::, Ethernet0/2) k4 n; A9 x: G4 M; \4 K1 R6 h H
OI CC1E:1000:100::100/128 [110/30] X3 u. K1 G! M H2 f
via FE80::CE0CFF:FEA8:2, Ethernet0/2
! w' k" \0 E; U# T' o$ {2 `L FE80::/10 [0/0]
) h G4 v" @/ @0 O/ X$ n3 p. h via ::, Null0
* | T+ K" J; g1 _L FF00::/8 [0/0] P' l, w8 z$ x! U( ~" q
via ::, Null03 w! @! v" i# V: Z
R8#
; k# }, t# u2 I. i$ n. Q' o2 I//R8已经收到R4的两个分别连接R1和R2的端口的IPv6路由以及R4Loopback200的信息。- l6 ~/ E5 Y$ L; l, @
R8#ping 13::11 T' r1 z6 N% _
Type escape sequence to abort.
d- ?* U i5 [' t/ ?- t, eSending 5, 100-byte ICMP Echos to 13::1, timeout is 2 seconds:
6 u3 o9 h7 z: D K/ ]. b!!!!!
2 F8 p: r2 G7 E6 j8 b/ mSuccess rate is 100 percent (5/5), round-trip min/avg/max = 48/120/256 ms
2 s* j8 y8 _) }" ?# O3 X% t+ ZR8#ping CC1E:1000:100::1008 v7 m6 a+ p. g; h* ?" k
Type escape sequence to abort.2 W" r1 e4 \. w4 x+ N$ G
Sending 5, 100-byte ICMP Echos to CC1E:1000:100::100, timeout is 2 seconds:# t& X4 L; V+ W# ?
!!!!!
; g' E& y; I H& g9 b: Y9 BSuccess rate is 100 percent (5/5), round-trip min/avg/max = 68/85/120 ms6 F8 D1 G+ j( f* d: g
R8#* U& ` t( n3 B+ Q
5.R22 and R23 can NOT established ospf neighbor.
1 [. D, S( J" DR22#show fram map
@% k1 m% M- v0 a6 \Serial1/0 (up): ip 172.14.9.1 dlci 22(0x16,0x460), static,: w) z" _- U( Z$ c& k) }
CISCO, status defined, active7 {! x" e1 U/ A, f% p3 m
Serial1/0 (up): ip 172.14.9.2 dlci 23(0x17,0x470), static,5 u/ D/ G1 b5 T- a$ L& d
CISCO, status deleted
' N1 Q8 N5 o' n! ?/ ~; w2 UR22#) v2 F7 R0 H2 j
//因为中间有个帧中继,所以出现问题先查看帧中继链路是否正常。
- C" b( @. ~6 ?4 a; G( X6 N//从show fram map 就可以发现R22的邻居172.14.9.2 的DLCI错误。% X6 ?# M. p$ @3 w) j; I5 i. S, Z
R22#show run int s1/01 x: i- M; k2 i' X2 [" d9 D5 W/ Q2 t3 U
interface Serial1/0; @3 m" e( |: p4 r
ip address 172.14.9.1 255.255.255.252! }9 X$ {, ^" j6 g4 }- M$ }
encapsulation frame-relay
3 e! R( `( s( _% m ip ospf authentication message-digest
1 {0 E% y; C T7 G- b, f' |- F ip ospf message-digest-key 1 md5 cisco9 L3 |+ _1 j( G* d6 V4 {
ip ospf network point-to-point& a" X. l( c7 g+ z0 p+ K
serial restart-delay 0. I4 n# R$ R- f/ F+ `/ f V
no arp frame-relay
$ s! z& K8 ]8 o0 d frame-relay map ip 172.14.9.1 22- \4 l, W; B" F
frame-relay map ip 172.14.9.2 23
5 A9 |* d; M- P. Z& d no frame-relay inverse-arp6 Z3 y* |3 e' @5 I( I, w
frame-relay lmi-type cisco# G3 U) x1 k7 O) |" }
end
' ?2 Q* w1 R/ {4 u. `//帧中继链路关闭了自动映射,所以要手工配置。# o4 a" f6 O c9 {% s7 {
//输入的是本地DLCI号,以及修改成广播方式学习。% ~2 |8 N& ^( W9 J7 F% t
R22(config-if)#no frame-relay map ip 172.14.9.2 23
j# y" p! f4 y0 l3 I: g: \$ C5 JR22(config-if)#frame-relay map ip 172.14.9.1 22 bro
- n% P' _7 R3 J% y" B6 T T0 nR22(config-if)#frame-relay map ip 172.14.9.2 22 bro6 Q( U/ U) k! y+ ], ^: e9 d
R22(config-if)#
. L, W: ]5 {; c//R22修改完成后去R23上进行同样的配置。
3 k, B% W) _5 ^8 G) ~0 qR23#show run int s0/03 g2 t$ B$ \" {5 D
interface Serial0/0
- P3 n' m+ F- ~( w% E ip address 172.14.9.2 255.255.255.2524 m2 O9 b2 @5 q9 S9 x
encapsulation frame-relay
/ z) w& Z3 h" M) g ip ospf authentication message-digest, m/ s4 H$ K3 \3 V' f
ip ospf message-digest-key 1 md5 cisco
/ `4 Q" f3 h* A9 k* N3 e! l- U ip ospf network point-to-point
6 ~% a0 W5 w- ]) y6 {; b1 h' f serial restart-delay 0
2 F) K p6 B% e: f( h no arp frame-relay
4 x0 J) u( l' ^1 O* z, M7 a frame-relay map ip 172.14.9.1 22 broadcast
$ B% k6 X, [# o! R! f no frame-relay inverse-arp3 k9 Q4 Z, V$ k8 k3 c6 i- w
frame-relay lmi-type cisco6 o: }2 j3 A- t% o
end1 n( H! J( m& \# e" s
//本地DLCI号配错,并且少了自己的帧中继映射表。$ h9 X. N o" ^! D/ i! b, d4 a7 r( y8 |
//插播:为什么要配置自己的地址?. `( K; T2 E5 ~) J1 V
因为帧中继链路如果想ping通自己的地址,则需要把数据包发送给对方再返回,9 F9 ?! B% E1 N ~* [4 k! G
在没有配置映射表的时候,数据包不知道这个没封装的包要如何发送,所以会失效。# r6 F4 l' q5 H, y! _, J4 F" A
R23(config)#int s0/0
& n9 t9 |' A" J" b" [ w9 C7 QR23(config-if)#no frame-relay map ip 172.14.9.1 22 broadcast
. S4 V% A+ m' BR23(config-if)#frame-relay map ip 172.14.9.1 23 broadcast: Y9 D" W5 B5 P6 J' C- o: W* b1 h7 A2 N
R23(config-if)#frame-relay map ip 172.14.9.2 23 broadcast
$ Y7 j6 L7 i8 C* _R23(config-if)#. ^9 T9 B7 C/ e8 N
*Mar 1 00:16:23.083: %OSPF-5-ADJCHG: Process 100, Nbr 10.1.1.22 on Serial0/0 from LOADING to FULL, Loading Done. a- i# {9 w4 e. b; U/ s3 j
R23#ping 172.14.9.14 ~9 A& i: I y- _& o& h) ?
Type escape sequence to abort.* o' v* c9 N- `" U- R
Sending 5, 100-byte ICMP Echos to 172.14.9.1, timeout is 2 seconds:
; w5 v5 e R$ u9 y$ ?!!!!!
5 b0 h1 P8 W4 q/ F& v1 h: YSuccess rate is 100 percent (5/5), round-trip min/avg/max = 12/33/64 ms
5 H7 ?9 @: l" u, G( L" ~R23#ping 172.14.9.21 H/ ]0 i' {( P; O8 H: Z
Type escape sequence to abort.. f | W4 t% j5 i% g
Sending 5, 100-byte ICMP Echos to 172.14.9.2, timeout is 2 seconds:+ d: U+ t! s, `& X! q' G
!!!!!( W0 c. N& `4 A* H
Success rate is 100 percent (5/5), round-trip min/avg/max = 48/76/132 ms2 l) s+ r1 z7 M0 D
R23#
5 o6 l0 i6 {% i" ~- r2 h6.Following the diagram, R20 logging in R23 should be NAT, please figure out the questions.
! H9 ~& @0 d8 BPro Inside global Inside local Outside local Outside global
6 b9 G, \. h1 R4 w2 a2 z# Ctcp 172.14.9.1:18335 172.29.7.5:18335 10.1.1.23:23 10.1.1.23:23
: b# h, v' o/ e6 Ztcp 10.1.1.22:36018 172.29.7.5:36018 10.1.1.23:80 10.1.1.23:80
/ C) M# v1 |, K( F9 W( p
. W% }3 z5 l# ~8 t% L8 G% l//R20登录R23会出现地址转换。从拓扑图中,我们可以知道R22是NAT服务器,我们主要解决的是服务器的问题。% S% d& d7 e. O, b3 I7 Y$ F
//根据上图,我们可以得到的信息如下:
/ e- c# O8 Z7 F, y! `- ` g9 [R20的e0/1口以上,是内部区域。8 J8 O/ @7 Z: c8 q
R20的s1/0口以下,是外部区域。R20的内部本地地址172.29.7.5在通过R22NAT服务器的时候被转换成172.16.12.1来连接到R23的Loopback口的23端口。! Q& V0 |- u, r" t) d! w. h
R20的内部本地地址172.29.7.5在通过R22NAT服务器的时候被转换成10.1.1.22来连接到R23的Loopback口的80端口。
( Z- u. d. {$ D* e; K: PR22(config-if)#do show run | be ip nat3 F. v+ o# Q ?! {1 ^+ ?
ip nat pool aa 172.14.9.1 172.14.9.1 prefix-length 24/ ^8 f0 |5 Z% C7 m! U7 I4 k
ip nat inside source route-map b pool bb overload
4 K1 U. y8 _" h9 a) I!( z9 T) W" L% m( H, l! @
access-list 100 permit tcp host 172.29.7.5 host 10.1.1.23 eq telnet9 ~, S. a8 u% ~( ]5 v
access-list 110 permit tcp host 172.29.7.5 host 10.1.1.23 eq www
# Y) O3 Z% t; F!! A1 ?, G$ \7 z) x8 \6 x
route-map a permit 10
g! @! n" ?. u match ip address 100
# S0 q. D3 y2 m; b- U; S!, e: h$ B5 k$ y. o/ O
route-map b permit 10; T+ g: l& Q3 o
!5 j9 O# {( w$ ~2 F0 d7 U7 _/ s
//在这里我们发现有两条访问控制列表应该被使用,但是目前只使用了一条,包括其他所有的命令我们需要补全它。
; Y; n% {% @' d" I+ S2 IR22(config)#ip nat inside source route-map a pool aa overload9 t8 o5 x4 Y$ q. C
R22(config)#ip nat pool bb 10.1.1.20 10.1.1.20 prefix-length 24! ]' L Y K9 D7 ^( B
R22(config)#route-map b permit 10
4 ~4 G& t; T1 b# JR22(config-route-map)#match ip address 1104 Z! z9 i! R9 D+ c
R22(config-route-map)#exit
& f# L& n& @5 F//完成后在R20上尝试是否能登录过去1 ]4 m0 B0 j; C2 U/ L
R20#telnet 10.1.1.23 23
( y$ z0 e/ \0 [/ K$ i1 Y; ATrying 10.1.1.23 ... Open8 k0 H* x; h- N: Z/ H" I
User Access Verification( E& b k6 s r+ |* f9 }3 x! h
Password:5 o3 {+ i8 q( h( l, h% D
R23>exit( ?) O3 D! `7 A; B, l. z$ n
R20#telnet 10.1.1.23 80; H6 @5 x1 M# N4 V0 L* b% c
Trying 10.1.1.23, 80 ... Open
5 G8 I2 b6 F4 P2 l$ w7 _exit
4 n+ O: U( o! S8 Y1 M+ mHTTP/1.1 400 Bad Request, D3 C/ g% R# ^* a
Date: Fri, 01 Mar 2002 00:06:38 GMT1 ?) Q. Z9 T) O; m+ Q
Server: cisco-IOS
/ L( K! {) f$ h1 r+ n, JAccept-Ranges: none
/ x' \! l8 o* r400 Bad Request
6 i# q+ U6 Z' S2 T! U[Connection to 10.1.1.23 closed by foreign host]- q# |/ h9 N/ x& O! {
R20#
" i' o/ H: c5 D//在R20上测试完后,我们去查看一下R22NAT的转换表
- g. z/ Y/ T8 y) {R22(config)#do show ip nat tra! L" I( v! C5 N3 f
R22(config)#
6 o. l2 g5 V* v) T' {: \//转换表是空的。去检查一下接口是否启用了ip nat inside & outside. t% z! ~/ [, q. i6 t, c/ q
R22(config)#do show run int e0/18 f1 c! M; a3 @8 ^1 X
ip address 172.29.7.6 255.255.255.252* N0 q0 h; ^/ c+ a4 \0 |8 Z0 v
half-duplex
* o) n+ H2 l m2 yend
; T7 Z6 u2 b/ z3 I ^# aR22#0 A: O3 G: E, K! i* ~( @5 }+ P% s
//把两边的端口同时进行补全。. s' G2 p* V9 m: \; R4 s5 c5 ]
R22(config)#int e0/1
" U! [+ I( p) l/ T' v" a% ^8 [! IR22(config-if)#ip nat inside) W& e% K& p4 O
R22(config-if)#int s1/07 ?. T9 n& a0 o- Z- g' x9 b
R22(config-if)#ip nat outside
' V- P. A) a' g1 q3 m" @//完成后测试
, L4 `0 @* m+ R' e/ o5 `* U. j" ZR20#telnet 10.1.1.23 806 I: M8 I/ i! ]
Trying 10.1.1.23, 80 ... Open
( J% q: R* n, ]/ R/ Cexit
7 N0 D0 P, R& y' g% d& oHTTP/1.1 400 Bad Request' M% h# ~5 S4 Q ^6 X
Date: Fri, 01 Mar 2002 00:08:37 GMT
% h+ Z$ t, k$ J* B: vServer: cisco-IOS. X9 ?! r2 V5 U2 R3 e+ g$ M) [
Accept-Ranges: none2 V9 `4 _9 b/ u. _4 I
400 Bad Request
* Y6 Y! \# b% e- @2 W, F" ~+ m% f1 Q[Connection to 10.1.1.23 closed by foreign host]
* `8 E% s7 ^; I# FR20#telnet 10.1.1.23 23
* R. I2 {' |$ J. Y5 xTrying 10.1.1.23 ... Open8 Y* g( s& [) N8 L' Q( }8 C
, N( B+ I, l& l5 Q
User Access Verification
1 H7 b+ Z3 g' g7 NPassword:
6 H4 W' v" `, ~R23>exit! E- [, M# q; f0 ^
[Connection to 10.1.1.23 closed by foreign host]) f/ w3 Y% R/ \# |& y! _# r7 d9 e0 l
R20#
L" M0 ]8 G& i1 {//测试方法, {! u4 L: v" a2 B
R22(config)#do show ip nat tra0 k9 {$ W3 Z0 v$ y( x6 n: B
Pro Inside global Inside local Outside local Outside global1 b# {: x% G9 N% |" b* \6 b
tcp 172.14.9.1:22209 172.29.7.5:22209 10.1.1.23:23 10.1.1.23:23
2 L+ f+ ?1 i. U) Etcp 10.1.1.22:56248 172.29.7.5:56248 10.1.1.23:80 10.1.1.23:80' n4 T9 t( `0 o& F1 n* m
R22(config)#
/ ?6 t6 p; R" U% p( f7 A//结果输出* N# H; q T) u7 p: J/ H. ?
7.touch off the EEM run when the R27 ethernet0/0 administration down.
! n8 c X- _! Y+ v( h9 L" p//这题的要求是当R27的e0/0手动shutdown之后,触发EEM执行no shutdown命令。
/ u; `! H1 C! r( a8 X; o//首先我们可以先要知道手动shutdown了E0/0后的命令是什么。! {) M- W, }6 _ i, \
R27#show run | be event man, h- H1 J0 o& ~- s+ r6 x, M( B
event manager applet xx3 j- q! Q* @! c' N
event syslog pattern "down down down down"
6 W9 e7 E/ t2 Y( Y action 1 cli command "enable"3 Q1 O- \0 O* u7 `
action 2 cli command "config ter"/ u: {& F& T5 X& }* j! l7 \6 m4 q6 g
action 3 cli command "int lo0"& Z. I N+ r# N( r& Z* S8 W! m- d
action 4 cli command "no shut"
1 Z% x& t9 k! A. ` q!1 h7 U* e1 s8 g% L
end
, r$ L( r/ |( |4 Q//这段EEM有有两个错误,一个是截取的内容,一个是进入的端口。
5 q: w3 {& ^! Z! W6 NR27(config)#int e0/0) `' w5 k& t5 U B4 o% G
R27(config-if)#shut' O' j: {$ L3 Y, ~4 l
R27(config-if)#3 @' V) O- P8 G0 [; B6 D+ ~
*Mar 1 00:04:44.379: %LINK-5-CHANGED: Interface Ethernet0/0, changed state to administratively down8 ~% [/ d. p" c8 C1 B7 E. {
//我们要引用上面一句话,所以通过这个方式来提取信息是最安全的。3 n* L, y7 _" [5 ?* I% l m
R27(config-applet)#no event syslog pattern "down down down down"
& P6 j, P3 k. rR27(config-applet)#event syslog pattern " Interface Ethernet0/0, changed state to administratively down"$ E2 G: w! I0 \# n
R27(config-applet)#no action 3 cli command "int lo0"
5 \. r- P6 }$ a6 w$ k4 a& nR27(config-applet)#action 2.1 cli command "interface ethernet0/0"" R. N7 q( I4 G n: Q% O
//输入完后要no shutdown端口才能生效。2 y9 x9 u, v* x7 q: V. U! z
//接下来,我们进行测试。
" Q% }. O+ A& r5 v5 `R27(config-if)#shut
1 G% E* V# S9 i- b3 F* [3 |- ]R27(config-if)#8 y, e. \; J: l6 `
*Mar 1 00:12:40.283: %LINK-5-CHANGED: Interface Ethernet0/0, changed state to administratively down( G Z5 O; |% e7 m
*Mar 1 00:12:40.687: %SYS-5-CONFIG_I: Configured from console by vty05 h/ [" D, n" Z2 ?- c
*Mar 1 00:12:42.547: %LINK-3-UPDOWN: Interface Ethernet0/0, changed state to up; w& ^+ U) F: Y- F @, w1 R6 d
R27(config-if)#
& g( R$ f4 {' `" Z, U8.R20 loopback0 can NOT ping R26 loopback0.
6 U9 y' E/ f; l! z! u0 E" z5 R! i, z//先去R26查看端口的IP地址情况。
' y2 V- |, Z% pR26#show ip int br: |* f' C3 c5 u( X' y" t3 M1 a
Interface IP-Address OK? Method Status Protocol
0 E) E* F2 e1 k) t+ D7 @0 pEthernet0/0 172.14.11.10 YES NVRAM administratively down down
5 ]' l' S( r& O+ I* ~Ethernet0/1 unassigned YES NVRAM administratively down down
5 c- g9 W- @& M2 HEthernet0/2 unassigned YES NVRAM administratively down down" c4 t5 i. q4 D) p+ k
Ethernet0/3 unassigned YES NVRAM administratively down down
9 ^1 J/ L, k0 r/ H* Y% lLoopback0 10.1.1.26 YES NVRAM up up
5 F. n- S! | iLoopback100 198.168.20.1 YES NVRAM up up . R! }1 Z3 k: {
R26#2 v' f. z5 N$ h) w
//把E0/0端口打开。
& R1 c' P8 ~: L. Y& {R20#ping 10.1.1.26$ A( C0 t2 x7 I1 l! Z
Type escape sequence to abort.) T/ d6 F/ D. f K4 i
Sending 5, 100-byte ICMP Echos to 10.1.1.26, timeout is 2 seconds:
3 Y5 C1 L% F1 K5 H: X!!!!!8 ]. {& L" `' F/ x
Success rate is 100 percent (5/5), round-trip min/avg/max = 56/72/104 ms3 {; T" v$ M, V% Z7 m
R20#- C/ j; w, M3 w# ]% k2 B; y' T
R26(config)#do show run | be r o
% Y0 p6 @. F, i( J" t; Xrouter ospf 100 `" d6 k) ` F# I( L8 ~
log-adjacency-changes
2 s! i3 n$ M( L6 W area 1 authentication message-digest
! U3 ~6 `- Z5 M. Z area 1 nssa
" a6 J$ m6 ^9 b9 r) ~ redistribute rip subnets route-map conn3 I3 @+ F- Z N
network 10.1.1.26 0.0.0.0 area 1
8 n0 e( ]8 U* |5 S. ^' T" c, l0 h network 172.14.11.10 0.0.0.0 area 1# z' b3 E, u% P
route-map conn permit 10
+ j( B, G/ x' A# F$ f! z Q: ? match interface Ethernet0/2
; D7 q. O) Y j//RIP重发布进OPSF匹配了route-map,解决方法可以把Loopback地址加进去,或者把route-map删除。
- Q% `/ R3 F: b6 }/ V) l" e6 mR26(config)#route-map conn permit 20
$ ~, N' w# R5 j1 J+ L6 qR26(config-route-map)#match int loopback 100
) Z# M- I& P+ S4 m) j, R$ m5 a0 D2 P/ MR26(config-route-map)#exit+ ?) b, |# t! V% s/ }2 j
R20#show ip route | in O E2
( }6 M7 K, Q, V5 F, G% G0 ^O E2 198.168.20.0 [110/20] via 172.14.9.2, 00:01:13, Ethernet1/1
* M/ H: ]# e' l- g5 jR20#
, L* a+ h) X! j& g2 dR20#ping 198.168.20.1* a3 e& m3 O/ X5 _* Q
Type escape sequence to abort.
$ L% F, _2 P' Z% C w% P1 F% bSending 5, 100-byte ICMP Echos to 198.168.20.1, timeout is 2 seconds:, V# C. b2 h. [ f7 T2 p
!!!!! ? K* H* V; R: b& [, _2 G
Success rate is 100 percent (5/5), round-trip min/avg/max = 24/45/100 ms
5 W( F- D) f1 y& A3 w: ^R20#- i+ E( Z: p* _5 y( R% _9 z
9.R14 loopback0 can NOT ping R8 loopback0, fix it.
+ U) l7 Y5 C1 V这题无法模拟,只有写出问题所在和需要注意的事项,最终参考“成都互联神州 超详细 Francisco” 的战报。. a; R& J& D( B2 c3 D; ?6 Z0 o4 k% r
R14 ------ SW2 ------ SW1 ------ R10 ------ R8
4 U. S- y, _' L; S: K这是物理拓扑图的连接方式。
) R, C; K' E: u* h1 _2 h需要注意的事项。; e9 k0 ]+ Q( z6 K2 r
1.VTP domain name (CCIE)
" K5 M" k: t/ ]2 K2.VTP password (cisco)1 C. v( u2 T' }
3.VTP mode (SW1 Server; SW2 client)8 j8 o0 U. ]' d
4.VTP (version 2)
/ m1 {3 c2 M: i* W; a, E5.VLAN号是否相同 (114)考试的时候不是这个VLAN号,或者说根本没有1 W/ b+ Q \$ {) l( [5 |9 S: x
6.端口是否有加入VLAN# Y1 E# Q% `6 U" S( ^' P5 G& P6 j
switchport access vlan 114
6 I0 m- [8 `) X" D1 G1 r. c. w- s switchport mode access W" t. z- J0 p* G% n3 I
7.SW1 和 SW2之间的模式 (trunk). m4 W" C, s% i; o0 ^7 n3 i
switchport trunk encapsulation dot1q
9 ]0 o" b% e ~! h switchport mode trunk# h8 q4 E* o- }/ r& b$ q2 Z* X( u4 W
/ ]3 _# S) J6 A- k
10.Match precedence 5 with R11&R12 to R7&R8.4 C% Q. g7 o8 A/ B8 v
R9#show run int e0/2. e q$ }( a+ o, q9 t0 Z4 b
interface Ethernet0/2# n( J0 h+ B8 X! L7 ~
ip address 10.10.10.29 255.255.255.252
: P& W6 U7 T9 p2 A6 I rate-limit input 8000 1500 2000 conform-action transmit exceed-action drop; f% T( N3 `' D
ip policy route-map PBR9 ?- V: k$ {3 M2 e6 K! q- A
half-duplex& W3 p/ q& l4 H; ~$ ^
service-policy output xx% M. j, Q! [3 E$ Z- v& n, \
end
7 Y* S* c0 `2 X# b5 Y1 a3 pR9#show run int e0/0: N) V" ~$ E; z+ g5 ^2 X
interface Ethernet0/06 `" _" J7 v1 @* m2 {' v
ip address 10.10.10.37 255.255.255.252
5 c: }' A; E* |! f6 t& z ip policy route-map PBR5 n: ?4 m: O3 Y/ j6 q8 ?
half-duplex% v) s! m3 P9 D0 k. m; Y
end3 |9 ^7 L8 k2 A9 |
//端口上有流量限制,route-map policy-map的限制
: J- p+ f9 W# }5 L+ M0 D- k//检查各列表的匹配情况: s: F9 o X% ~! y+ [7 c
//把所有的配置都完善一下,并且把下一跳限制取消。
f" [. x ~* Z7 k//access-list 100 是匹配 class map ---- policy-map ----- 再应用到接口上
8 T3 b- k% j% q9 J0 y6 O J对于E0/2的端口,就只是抓R11的路由。4 l6 i/ a8 O, i. Q8 V: F
对于E0/0的端口,就只是抓R12的路由。, ]; ~( {3 g: s g9 w! J
这题正常的配置和测试方法应该是:0 `/ C2 x, u$ S! E8 N/ J
R9:
1 j9 Q6 ]" a- y# mip access-list extended R11
1 R) F& a" G$ W6 w& _* y2 a* } permit ip 10.1.1.11 host 10.1.1.8 precedence critical- d" Y4 \' \; G+ L' g7 _1 F9 C9 g* Z
permit ip 10.10.10.30 host 10.1.1.8 precedence critical
* O$ ~0 E) k9 Y8 F1 n5 q$ L permit ip 10.1.1.11 host 10.1.1.7 precedence critical2 D' P, A* j1 H* M% _, E, E
permit ip 10.10.10.30 host 10.1.1.7 precedence critical' m) r. K; }/ }, X
ip access-list extended R12
; n( g0 v! T9 Z3 H8 L permit ip 10.1.1.12 host 10.1.1.8 precedence critical
) G2 ^" o: R. P) p7 N) V permit ip 10.10.10.38 host 10.1.1.8 precedence critical
3 z" c' z. ?. {+ C9 K permit ip 10.1.1.12 host 10.1.1.7 precedence critical2 t K" y. Q: B. c: E1 C
permit ip 10.10.10.38 host 10.1.1.7 precedence critical; l0 h7 @3 v7 g
class-map match-all R11
/ B8 d% {% I8 a match access-group name R11
, Z3 C* d8 O; uclass-map match-all R12
: U4 s- ^" O# N1 t match access-group name R12( n% i+ d/ l9 R+ ^$ D
policy-map R11
s! P2 R0 y3 q9 s class R11& R. L! E7 S# t/ a4 H9 E1 U
set ip precedence 5
' t* [8 o5 k0 w& a; K( S1 r, x- epolicy-map R126 J9 k; P' r1 G0 P2 D
class R12. P% F& K7 g# @5 x: P) {
set ip precedence 57 N& D i7 k k" `- i2 Y
int e0/2' `' | I+ S- W) B$ G
service-policy input R116 K7 x6 Y' |* C3 X- _
int e0/08 ~$ [$ |" [4 s# t" D
service-policy input R12
( k% A- i7 q. L% l6 T% B//配置完后进行扩展ping测试。
+ i' P0 E. Q7 P2 V) ~2 DR12#ping
7 v( H6 J6 c$ ^2 w3 wProtocol [ip]:
+ c l2 b$ w2 O1 c% m% C; fTarget IP address: 10.1.1.8
. a2 `' a: @+ o+ k5 `) d! PRepeat count [5]:9 b6 M# n0 v0 y- x) ]& z4 i0 W
Datagram size [100]:3 A# B H& y( D
Timeout in seconds [2]:
! d0 z9 _! J0 ~; o! _2 pExtended commands [n]: y
7 ` p0 m0 x4 y0 R7 c/ M1 {Source address or interface: 10.10.10.38
# t+ s; q/ G% h4 V2 a# p. Y RType of service [0]: 160
4 y- H3 X- H- kSet DF bit in IP header? [no]:
3 u1 A% r; q! f L A1 J- v9 T' EValidate reply data? [no]:
- l% \' |6 M5 F! A2 K7 K% F9 d4 \Data pattern [0xABCD]:
7 G( ~( P& @) D' ]Loose, Strict, Record, Timestamp, Verbose[none]:$ @# `. R2 j& d
Sweep range of sizes [n]:# W; L6 d# j( d3 m4 r
Type escape sequence to abort.7 Q1 K: q" |5 R; m% l1 s, |
Sending 5, 100-byte ICMP Echos to 10.1.1.8, timeout is 2 seconds:
) M- e7 g P6 ]% p- r/ ZPacket sent with a source address of 10.10.10.38
) a6 {4 m* _3 g* W: I% H$ G& v!!!!!
! g r* C1 k$ ~3 y2 \! BSuccess rate is 100 percent (5/5), round-trip min/avg/max = 48/57/80 ms: B# H1 {0 Z, `1 k8 R$ @7 A# t S
R12#+ `) _/ Q( T6 u$ s0 A4 D/ {% Z/ ]( X
R9(config)#do show policy-map int e0/0
8 r0 ?; [) c7 r1 E4 E Ethernet0/0
/ G7 Q* ?5 j: f# q7 L" [; b+ V Service-policy input: R123 F) r" { Y7 f1 y5 Q
Class-map: R12 (match-all)
1 j/ z6 I% R0 K7 N& m 0 packets, 0 bytes; N# b& W$ n: m( a
5 minute offered rate 0 bps, drop rate 0 bps
! F/ m) G9 M0 @+ X6 u' ^0 w Match: access-group name R12
# _1 ], ?' ~( h# I QoS Set
( O2 E1 A! J% o- ^ precedence 5
0 [ M+ k" o) k# u( f Packets marked 5
, s/ ]" F" ~' T3 i7 `0 L8 P! c Class-map: class-default (match-any)
- w& J7 v0 D" N. q: m ]; } 111 packets, 11298 bytes" F7 A4 S2 W# J2 @1 ~1 m& n7 \
5 minute offered rate 0 bps, drop rate 0 bps3 t, n# C6 d( v" l
Match: any2 g0 B/ z# Y: V( B) G5 h7 Q& C
R9(config)# D |! f# L! ?. }! F
R9(config-ext-nacl)#do show access-list
- Z, [, i+ s/ L9 A4 S& W( _: VExtended IP access list R12
% y0 P h" o. r* H2 S. u$ f 10 permit ip host 10.10.10.38 host 10.1.1.8 precedence critical (5 matches)3 e% V) F5 \, S' C' I# q- b
20 permit ip host 10.1.1.12 host 10.1.1.8: B7 a$ Q! \0 B7 A
30 permit ip host 10.10.10.38 host 10.10.10.21
% @/ t/ t Q: ^- } 40 permit ip host 10.1.1.12 host 10.10.10.21
( p8 _7 {1 x* q//把剩余的所有IP地址都匹配上,然后进行测试。
: P/ ~3 ^4 Q. h' [2 o
7 Q+ Z# t4 e {+ I9 T3 Y# t-------------------------------------------------------------------0 g/ T/ v% d7 E& [5 _9 z) ~$ N
cos
+ Q) r3 J% u' V' S000000 routine (0) 03 ^, N) q2 w$ [ g7 t% a
001000 priority (1) 329 ^8 Q8 F2 p4 V6 }
010000 immediate (2) 64" r7 J) u* m( X$ O* r( x
011000 flash (3) 96+ q- C3 j4 m/ f- y. t/ u/ D
100000 flash-override (4) 128
' q) @0 }, Z+ k; D101000 critical (5) 160* I0 ^, I% T3 U0 f2 d2 L E
110000 internet (6) 192
0 T$ w2 x" [5 ~4 v; Q111000 network (7) 2240 w. y# Q' f2 L$ {( w
TOS 前3位
0 g; T, `* Y$ i# m3 pDSCP 前4-6位# Y- Y! }" x6 }& C u4 `
, D( e$ j: k/ L3 a" ], v6 ~1 a2 A. _2 W
$ s X \5 A8 x1 L' [3 {7 k2 O& k7 L9 J! J" d5 r6 A. K3 r
; N0 {9 ~/ ]9 i5 h+ ~' F; ]8 B) U) G9 c3 h
/ \ e( z5 ]' C" W9 h* A$ f( z6 a
4 q' L( M' u. m. s" V! x
. ^4 m v; s- ?# q( r! A5 B/ M; N) r! f8 [1 [6 e
TS2
$ G0 e9 ~/ p' }5 J+ S//部分路由器编号不对应,请参照正确的拓扑来查看。
+ n& `" F: Q( ]7 T; V6 h$ R1.R31 & R8 should established security BGP neighbor.
- I, ^1 m0 ]' p//打开路由器后,直接就收到了MD5密码不匹配的消息,查看BGP邻居关系,并查看show run 的BGP密码匹配情况。
" ]- I% D5 ]9 q*Mar 1 00:07:30.379: %TCP-6-BADAUTH: No MD5 digest from 10.1.1.8(179) to 10.1.1.31(45688)- M+ i6 n# z; U
RACK30R31#7 w |/ C- M; M k+ O1 s- ^7 Q
RACK30R31(config)#do show ip bgp summ
$ B1 s8 K% h" J- o) o) @/ k1 @' aNeighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
0 t& F' u! D# e8 X, E# W10.1.1.7 4 200 14 14 2 0 0 00:10:13 12 g6 e2 d' S9 l o; W
10.1.1.8 4 200 0 0 0 0 0 never Active
) ]' x2 f( {! G$ {) k) \10.1.1.30 4 200 0 0 0 0 0 never Active. ~# z' J+ Q6 y& i/ z2 k
RACK30R31(config)#: |, x o4 U* \2 b+ A
//确认BGP是否无法建立。
3 W5 G% n0 Z: [" i6 ZRACK30R31(config)#do show run | b r b
( _6 U3 i4 o' i$ K/ g$ g; N5 b/ \3 u, `& crouter bgp 200, N0 J3 l, D+ R- w& p; k! S# j) X9 A
no synchronization6 p4 {8 l, I4 J, H6 O$ f- {% M
bgp log-neighbor-changes
5 O9 e {5 g* P4 ^7 b9 N! c neighbor 10.1.1.7 remote-as 200 o$ p6 a+ G( v) K: Q6 H
neighbor 10.1.1.7 update-source Loopback0; B3 N, ~* z8 g8 m/ |
neighbor 10.1.1.7 route-reflector-client" P- D5 O' {/ r: L
neighbor 10.1.1.8 remote-as 2004 E6 n! o8 S9 ?) {
neighbor 10.1.1.8 password cisco
7 `; Z7 J& C3 f3 ~$ [$ T! w9 M neighbor 10.1.1.8 update-source Loopback0& {. k7 B5 W4 n$ q9 |) U
neighbor 10.1.1.8 route-reflector-client
4 ^ D) a; L! m" [; C9 i8 a neighbor 10.1.1.30 remote-as 200$ c. l Y [. H4 Z+ u D
neighbor 10.1.1.30 update-source Loopback0
* H# Q: D5 a. [7 d: j7 U U8 M no auto-summary
8 w( |9 z# `7 z& N1 v% q9 ?//R31对邻居R8配置了密码。去R8上查看密码是否匹配。
j/ e9 R$ x# K z& kRACK30R8#show run | b r b
0 B Y" d# e/ Q0 Frouter bgp 2007 v: l7 S; C" x, b4 x& J: Q
no synchronization( I9 Z2 {: r0 t1 j
bgp log-neighbor-changes
0 \* t0 E4 S6 C' f1 R neighbor 10.1.1.31 remote-as 2006 F5 X/ O9 m, o; ~9 F
neighbor 10.1.1.31 update-source Loopback0
- ~) ~, k* c2 z a2 E. e neighbor 10.1.1.31 next-hop-self
. [! D0 k8 K1 I2 U, s: s. V neighbor 10.10.89.29 remote-as 300
+ \' r% Z) n7 t, Y0 d9 `# D no auto-summary
3 a. I6 F0 l: k. ]//R8上没有对R31配置密码,进行配置。
& r+ t Z+ G4 l* X6 RRACK30R8(config)#router bgp 2007 n' t1 Q$ R5 w( T* d
RACK30R8(config-router)#neighbor 10.1.1.31 password cisco
) g( `6 X1 r2 R6 a0 {9 IRACK30R8(config-router)#7 c6 ^) B/ X4 |3 e8 N
*Mar 1 00:22:38.127: %BGP-5-ADJCHANGE: neighbor 10.1.1.31 Up
: u- v8 D* B8 `( c; K6 r$ f Y0 lRACK30R8(config-router)#
; R% F, j, i3 {) B//基于题目的要求,安全BGP,所以对两台路由器BGP所配置的密码进行加密。: y2 F6 |1 B) u* x' m" g+ q
RACK30R8(config)#do show run | b r b
~; u+ |7 ^ O% L4 z8 urouter bgp 200
! S6 r7 Y; ~0 V3 @- { ^4 H" C no synchronization( E. C) M$ }1 Z
bgp log-neighbor-changes! J1 Z' f$ l% b+ Y& {3 U. ^' v( Q# r+ G% h
neighbor 10.1.1.31 remote-as 200
9 r+ j) {! W" T2 }+ E+ s neighbor 10.1.1.31 password 7 00071A150754
3 ^( ~. k4 ^* G/ D. U neighbor 10.1.1.31 update-source Loopback0
@3 U2 T; E8 n5 k+ u neighbor 10.1.1.31 next-hop-self
/ Y' `1 q* k; ?8 Z/ u neighbor 10.10.89.29 remote-as 300
: ?& Q/ {5 M* ?7 c/ f; t5 b8 i$ w3 x no auto-summary# E$ l2 n* | L
!
D& Q3 S/ c9 R: D7 I5 }RACK30R31(config)#do show run | b r b# r; M, V; Z& x
router bgp 200+ y. X I* |9 ^3 X
no synchronization5 ]9 l! R+ F' r+ j
bgp log-neighbor-changes
+ L; O+ [; h5 G7 g: ~6 t neighbor 10.1.1.7 remote-as 200$ |& P, W6 Q+ X& v# a& C0 q& {- u
neighbor 10.1.1.7 update-source Loopback0
. T/ v- Q' E* V: G neighbor 10.1.1.7 route-reflector-client
" Q6 s# k6 S- [- g7 T neighbor 10.1.1.8 remote-as 200: Q* i' M6 C: Z5 i0 d
neighbor 10.1.1.8 password 7 045802150C2E
& a: h! Y9 Z) ] @5 I neighbor 10.1.1.8 update-source Loopback0. F1 Q' A) t T2 G: B ~ q
neighbor 10.1.1.8 route-reflector-client
* U" I) U" G5 @& W3 |3 r8 U% ^ neighbor 10.1.1.30 remote-as 200
% R3 ` A/ c. T% d: V9 @ neighbor 10.1.1.30 update-source Loopback0
8 E$ p- X2 R) [ H' l. s4 P( u no auto-summary! }6 ~) E6 v& S
!0 S! b8 W4 \. K, q
" f" p7 `- w+ U9 f
2.R2 loopback0 should ping 10.1.1.27 (use one command and same device to fix it).3 M* a2 T3 \( W# e* R# c8 e
RACK30R2#show ip pro
) B2 o4 v0 P9 j6 W, d7 `: rRouting Protocol is "ospf 1"
/ c2 v4 H" `0 L1 [0 ?5 B- N) q Outgoing update filter list for all interfaces is not set$ w( J+ L3 S( Q) i' r
Incoming update filter list for all interfaces is not set* P1 I, b6 i9 ~8 w9 p7 v8 a
Router ID 10.1.1.2
* f2 r" B1 H# j+ i! B8 ^5 _ Number of areas in this router is 1. 1 normal 0 stub 0 nssa1 @( X9 \: L8 B9 I4 r" M$ |
Maximum path: 4
- {' W5 \2 q4 l+ N8 j9 W/ D( J% o/ m Routing for Networks:' w; S4 [% h6 Y+ a$ e8 Q
0.0.0.0 255.255.255.255 area 2 k5 k. Z" k: D0 E) s
Reference bandwidth unit is 100 mbps9 F, s: z6 L8 f7 z9 V
Routing Information Sources:
, F% G S$ F. o. D8 b& P/ ? Gateway Distance Last Update' w4 N! M4 ^- ?4 \0 m ?, o* _" c4 ?8 t
Distance: (default is 110)- q3 O5 m2 }* G2 ?
RACK30R2#
" A, Z" H% v2 f; m: U& r% | u3 w! cRACK30R2#show ip ospf nei
4 E6 [6 h3 S( O; lNeighbor ID Pri State Dead Time Address Interface
4 u/ C: [0 d+ ?+ Z1.1.1.1 1 FULL/BDR 00:00:38 10.10.123.3 Ethernet0/0/ O7 q( h% G3 x! _: b& a
RACK30R2#
" q3 T# C# C2 B oRACK30R3#show ip pro3 T1 D8 f+ ]- x7 x6 \
Routing Protocol is "ospf 1"" D0 W, o. t- R y
Outgoing update filter list for all interfaces is not set
' m8 ^* F( \; o6 z$ W Incoming update filter list for all interfaces is not set8 f& @; i. _4 m& I
Router ID 1.1.1.1
1 j+ p. X& w; p Number of areas in this router is 3. 3 normal 0 stub 0 nssa q! {7 M/ e5 |; N! R9 q
Maximum path: 4# O9 Q" A# o& [2 O8 i
Routing for Networks:
; f/ j* Q/ g- f( V 10.1.1.3 0.0.0.0 area 17 @+ u/ R0 [ z# J' o" v( K
10.10.35.3 0.0.0.0 area 1
% S4 v. E! |4 Y1 V4 U3 Z 10.10.123.3 0.0.0.0 area 2
$ U/ L# ]: ?% j* a' y2 h4 _ Reference bandwidth unit is 100 mbps
$ C) A! E/ q5 ~; K$ F' x Routing Information Sources:
$ [" U6 I$ H* i) p" p! h- o Gateway Distance Last Update" D6 }: ]1 F! [& }& E2 [1 Y$ ?5 c
10.1.1.2 110 00:32:060 l! J7 F1 F# W% u. x9 b! c" h8 u
10.1.1.5 110 00:31:56
. w9 y0 _, _4 ]% t+ m/ R. i Distance: (default is 110)
8 `& m+ p7 n: o% b- T; XRACK30R3#show ip ospf nei. R b4 ~+ Z0 X
Neighbor ID Pri State Dead Time Address Interface
/ R# O% r6 y0 t+ ]" F2 r2 ^8 _10.1.1.5 1 FULL/DR 00:00:35 10.10.35.5 Ethernet0/05 g2 r0 o" I6 `+ }
10.1.1.2 1 FULL/DR 00:00:35 10.10.123.2 Ethernet0/1
: Y8 b( b- R) _% k) ^$ rRACK30R3# B" I7 {" C; _1 t, U; l' }% F
//R2已经成功和R3建立了ospf 邻居。并且R2e0/0和R3e0/1的是属于OSPF区域2,R3e0/0之后是属于区域1。5 R. }$ ~: W4 [. r# l
//OSPF区域1和区域2要通信,则需要通过主区域0来进行。2 W: P" Q$ A; F
//再经过查看,可以发现拓扑是这个状态:区域0(R8----R6)---- 区域1(R6----R5----R3)---- 区域2(R3----R2); N( a- S6 F! I' p2 w( z
//那么区域2要和外部通信,或者要和区域1通信,则首先应该和区域0建立虚链路。% N& q! l: X0 A
//在做虚链路认证的时候,一般还要做区域0的区域认证,但是现在R3却没有成功和区域0的R6建立虚链路。4 Q1 ?; M; v. H! y" r. }
去R3和R6上查看命令配置。( P) G7 P" y f; w' a) s) A
+ t1 w: k$ D+ N( M& t
RACK30R3#show run | b r o* K; M: s% J- O( T, p4 e) K Y
router ospf 1* V4 Z7 S, M; H @! F
router-id 1.1.1.1* H4 E6 r/ Q- G3 U/ H2 p. L
log-adjacency-changes, @9 a5 o( d$ N4 G. a" k7 x
area 1 virtual-link 4.4.4.4 authentication message-digest
# [. j" K' V+ u9 X0 N* J4 H9 F area 1 virtual-link 4.4.4.4 message-digest-key 1 md5 cisco
: K; T0 Y3 k8 @7 w# |5 ?' { network 10.1.1.3 0.0.0.0 area 1; J6 r- Y* F3 u* A
network 10.10.35.3 0.0.0.0 area 18 u5 v. S6 Y% ]$ } @8 |8 _2 R
network 10.10.123.3 0.0.0.0 area 23 t* {) U( p: V3 j- g
!* W( P) g6 i( o* ~, D6 C1 X
RACK30R6#show run | b r o
2 C" x1 l" S2 r2 q) ~6 j: r' @ M hrouter ospf 1
7 j5 z" p$ L4 ]8 I' i router-id 4.4.4.4) H! Z4 f/ f: J; E/ a! O0 `
log-adjacency-changes
4 ?6 c" W3 t5 P area 0 authentication message-digest
5 E* {+ ]( c4 a) O0 A/ Y' Y area 1 virtual-link 1.1.1.1 authentication message-digest- K: c J7 e# \2 n% {, l
area 1 virtual-link 1.1.1.1 message-digest-key 1 md5 cisco
- ~8 ~) Y: _4 p8 a2 a8 [3 Y. g+ x network 10.1.1.6 0.0.0.0 area 0; q' u4 T7 \; w5 o! k! O8 Y" R/ j
network 10.10.56.6 0.0.0.0 area 1
) [/ }" p! v; M$ L5 G network 10.10.68.6 0.0.0.0 area 0
( A) s/ ?1 @. O, g8 s8 S, SRACK30R8#show run | b r o
. y0 w& L' p9 ]# n, Q0 U8 q1 Orouter ospf 1( U+ {+ t8 j, z
log-adjacency-changes
2 s3 w- m6 ~# |4 S0 t$ C$ K area 0 authentication message-digest
- W" |0 y; i S* I/ K network 10.1.1.8 0.0.0.0 area 0
2 z j3 U, }. b& \' p- b- F network 10.10.68.8 0.0.0.0 area 0' a1 w8 g: r2 S9 ?
RACK30R6#show ip ospf nei
" _/ d8 t, o6 I9 l# VNeighbor ID Pri State Dead Time Address Interface- ]: Q1 V* u) F6 w% {' T+ Y8 P0 G
10.1.1.8 1 FULL/DR 00:00:31 10.10.68.8 Ethernet0/0
4 n; v0 t/ p, h1 I. M, K0 }& r4 m10.1.1.5 1 FULL/DR 00:00:39 10.10.56.5 Ethernet0/1
K( G6 ~* a: j* n3 \! ^5 y1 BRACK30R6#
6 Y8 p6 y5 D& P" P1 zRACK30R5#show ip ospf nei
% g5 O3 j4 _9 X S0 M7 d# h1 WNeighbor ID Pri State Dead Time Address Interface2 R. z3 f: n3 s2 o5 k! O4 I
1.1.1.1 1 FULL/DR 00:00:32 10.10.35.3 Ethernet0/1
, q# U0 J5 X8 z3 G* Y4.4.4.4 0 FULL/ - 00:00:34 10.10.56.6 Ethernet0/04 [8 D: _6 U: v9 {$ A4 B
RACK30R5#
. }: H) l7 e: S3 h4 L2 F//我们可以从这里看到,R3和R6已经配置了虚链路认证(为了确保密码没问题,可以重新配一次)。
6 c% H) y5 M" W% a//R6又和R8建立了区域0的区域认证。
/ ?5 W# T: H& V! O* B: z//目前的状态是R6和R8、R5建立了OSPF邻居;R5和R6、R3建立了OPSF邻居。
5 V* o( b* x4 r! F- V" ? 但是大家有没有发现一点,为什么R5在连接R6的时候会没有选举DR和BDR呢?; O1 ~" R9 n1 P& U
//我们去查看一下R6和R5的连接状态
$ N+ o* Z' ]6 f3 m- `
, u7 _: Z. Y. ORACK30R6#show ip ospf int e0/1
9 f, V% E* v: n2 z3 @8 oEthernet0/1 is up, line protocol is up! U" g4 g' W1 ?$ C6 J+ U; h/ T
Internet Address 10.10.56.6/24, Area 1$ T# H$ X. q, u Z# r4 z/ Q
Process ID 1, Router ID 4.4.4.4, Network Type BROADCAST, Cost: 10" \" ~. T/ D! x5 {
Transmit Delay is 1 sec, State DROTHER, Priority 13 @1 x; O: y: |' h1 ?" c! e' q
Designated Router (ID) 10.1.1.5, Interface address 10.10.56.5
# s8 P* R" B" J% ]* a, ` Backup Designated router (ID) 10.1.1.5, Interface address 10.10.56.5. R& C% @# d. x, I& n
Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
2 J- L, u. t/ o ] oob-resync timeout 40
$ q9 ?; p/ {; F0 w Hello due in 00:00:014 `$ y: u. K+ b+ A' o2 P1 _
Supports Link-local Signaling (LLS)
4 P3 Z) N" k2 } R7 o/ A Index 1/3, flood queue length 0
! u8 o7 f/ b+ A0 k2 H4 X6 c Next 0x0(0)/0x0(0)
- ^; z% y* t: Q2 F Last flood scan length is 2, maximum is 3$ x$ A9 N9 [: p3 _$ H" q
Last flood scan time is 0 msec, maximum is 0 msec2 u3 z( N; j/ \3 j" j& Z# X
Neighbor Count is 1, Adjacent neighbor count is 15 z4 J6 F( @5 X3 p
Adjacent with neighbor 10.1.1.5 (Designated Router)! }& u; S0 |1 o
Suppress hello for 0 neighbor(s)7 A7 I5 B% }" O' S# R
RACK30R5#show ip ospf int e0/0
4 y% @2 Y6 O P. t* UEthernet0/0 is up, line protocol is up& j; v2 m5 E2 K3 R$ `% d
Internet Address 10.10.56.5/24, Area 1
2 X" f$ ~" W+ C( T9 ?" e+ L- v( \ Process ID 1, Router ID 10.1.1.5, Network Type POINT_TO_MULTIPOINT, Cost: 10
5 v0 a4 \ Y& j$ t Transmit Delay is 1 sec, State POINT_TO_MULTIPOINT,
* r) T6 {6 I; M+ y1 ~; d, N2 C8 u/ j Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5+ T* C% h# e0 u4 X# H$ Q. |
oob-resync timeout 40" Q% y7 ?6 k* j/ A M, [# q9 r! {
Hello due in 00:00:07, I' t! e1 j. ?! n
Supports Link-local Signaling (LLS)+ c5 L* n( y" Z; s4 R: v
Index 1/1, flood queue length 0
2 J$ Y$ \$ u0 ]' F Next 0x0(0)/0x0(0)
3 o- t4 q$ j; C Last flood scan length is 1, maximum is 1
; n1 A" {8 ~: P. d- V7 @ z Last flood scan time is 4 msec, maximum is 4 msec+ M, ], W' ~ [
Neighbor Count is 1, Adjacent neighbor count is 1
9 q$ V0 ~, q x) `' k4 ?$ ~ Adjacent with neighbor 4.4.4.45 ?- H3 e' x0 {# f% m
Suppress hello for 0 neighbor(s)) C2 ?& A# p% o& c& l
//从这里,我们可以知道R6之所以和R5建立了OSPF邻居是因为R5的Hello dead time 都可以和R6匹配。
& k+ S1 a J; h% D+ t2 R//插句理论:
" G$ \$ m5 p0 s% g# Q 点到多点的特性:
7 o4 |+ Z5 b% w* X# p4 Q, a 1.没有DR概念# }5 x, e& k& x( q* C. c
2.不需要定义邻居,属于完全邻接, _0 _+ G1 @) u4 m0 N) X' B& I3 C) v
3.整个网络使用一个子网
6 S8 I9 K# A1 Y* Z6 N Z1 ] 4.Hello 30 dead 120 wait 120- f J0 H- b* p2 c' t
//所以在这里因为R5的定义,使R6认为自己有两个DR,一个是R8,一个是R5,导致虚链路无法正常建立。
* R& g m" x/ V0 P2 @) G. e' KRACK30R5#show run int e0/0
( w) b. i3 o5 ^5 minterface Ethernet0/02 k0 h. W* k5 l5 [9 h: n
ip address 10.10.56.5 255.255.255.0' x! z; W$ H2 W" K) Y3 ]4 r4 l& n* s
ip ospf network point-to-multipoint
A9 c/ O) P, ~ Z2 ?7 [ ip ospf hello-interval 107 _" n/ n1 Y( G# W2 k2 _! K
half-duplex- ^3 g% I- [: M2 H6 {8 b
end& \$ a8 P$ d& F
RACK30R5(config)#int e0/0- {% F& c* i/ T% \! H) i. K
RACK30R5(config-if)#no ip ospf network point-to-multipoint( Y' Q9 o; p* d% G3 g
RACK30R5(config-if)#* p( o; i7 s8 n" `) g4 \+ X
*Mar 1 00:22:35.471: %OSPF-5-ADJCHG: Process 1, Nbr 4.4.4.4 on Ethernet0/0 from FULL to DOWN, Neighbor Down: Interface down or detached
. S$ {$ `6 D8 C: g J*Mar 1 00:22:35.631: %OSPF-5-ADJCHG: Process 1, Nbr 4.4.4.4 on Ethernet0/0 from LOADING to FULL, Loading Done9 P9 w O1 R7 e" m
RACK30R5(config-if)#do show ip ospf nei/ u1 r5 W8 n9 J! ~' o
Neighbor ID Pri State Dead Time Address Interface; M/ `# p) y8 N+ a# W
4.4.4.4 1 FULL/DR 00:00:38 10.10.56.6 Ethernet0/0
$ q# r* ?& {: f+ J) W1.1.1.1 1 FULL/DR 00:00:36 10.10.35.3 Ethernet0/1) k# a* Y V% N6 f' y+ z. t
RACK30R5(config-if)#
* s6 `% i$ }8 r {! V+ t//更改过来。
7 m% q6 t$ R) l; [RACK30R6#5 z! l" x. T6 l* G: J- H
*Mar 1 00:22:35.267: %OSPF-5-ADJCHG: Process 1, Nbr 10.1.1.5 on Ethernet0/1 from LOADING to FULL, Loading Done& o" C' D" U; n1 N
RACK30R6#show ip ospf nei/ g; b$ O3 \ H7 w1 A9 s4 d; _7 @ W
*Mar 1 00:22:50.891: %OSPF-5-ADJCHG: Process 1, Nbr 1.1.1.1 on OSPF_VL0 from LOADING to FULL, Loading Done0 _1 g& o. J* K1 _1 L- V/ A- W; h
RACK30R6#show ip ospf nei
$ [4 E3 J1 {) P7 _- S' s' s3 @Neighbor ID Pri State Dead Time Address Interface
7 s; c2 G# p. A$ W; w, t1 n9 _10.1.1.8 1 FULL/DR 00:00:39 10.10.68.8 Ethernet0/0
R9 A( j4 q& O5 n1.1.1.1 0 FULL/ - - 10.10.35.3 OSPF_VL0* R, l" {3 s, C3 a4 s& N2 M/ J6 Z
10.1.1.5 1 FULL/BDR 00:00:37 10.10.56.5 Ethernet0/1$ R: B! ^* [* t ?% ~% ?
RACK30R6#
3 f+ J' p& B7 P//R6重新进行了DR和BDR的选举,并且成功和R3建立了虚链路。去R2上查看路由情况。
9 w. L: a& Y+ q7 j" G0 a
' M) G1 ~+ q, p+ A6 n. TRACK30R2#show ip route' I4 W5 B% ]0 J# i, s7 p' w
10.0.0.0/8 is variably subnetted, 10 subnets, 2 masks f( s, N) c+ E
O IA 10.1.1.8/32 [110/41] via 10.10.123.3, 00:05:16, Ethernet0/0
! w* c: e+ a* e' U- YC 10.1.1.2/32 is directly connected, Loopback0
% D# H9 A* }6 k& T. F, jO IA 10.1.1.3/32 [110/11] via 10.10.123.3, 00:05:25, Ethernet0/09 C0 M7 a0 |, C+ {# ~% \0 \& p0 M
O IA 10.1.1.6/32 [110/31] via 10.10.123.3, 00:05:16, Ethernet0/04 T) `4 b# p1 Y- j2 F0 n
O IA 10.1.1.5/32 [110/21] via 10.10.123.3, 00:05:25, Ethernet0/0
4 C: B; h+ d0 \O IA 10.1.1.27/32 [110/11152] via 10.10.123.3, 00:05:16, Ethernet0/0
! F0 O) R/ E6 U% Z* lO IA 10.10.35.0/24 [110/20] via 10.10.123.3, 00:05:25, Ethernet0/0
& E) ]& _- N4 L: U0 ?3 @O IA 10.10.56.0/24 [110/30] via 10.10.123.3, 00:05:25, Ethernet0/0
7 n; t1 U5 c# bO IA 10.10.68.0/24 [110/40] via 10.10.123.3, 00:05:16, Ethernet0/01 j3 |$ `1 Y+ m6 u" M2 P- N
C 10.10.123.0/24 is directly connected, Ethernet0/09 X+ T) e" X r. e; E. H" i
RACK30R2#ping 10.1.1.27
; y$ g5 A. m. k$ `( FType escape sequence to abort.
& Q" L& R& |& v" H' t! N, v F" vSending 5, 100-byte ICMP Echos to 10.1.1.27, timeout is 2 seconds:
/ |' H& E4 e _. w!!!!!9 r) @7 A3 P# k& N- l; _7 ~
Success rate is 100 percent (5/5), round-trip min/avg/max = 36/77/104 ms
% n4 q o m% u7 f$ {RACK30R2#
; `, I8 {- n- K% y X' I0 u U//R2已正常学习到了来自R27的Loopback路由,并能正常通信。(达到了要求,只用一条命令来解决这个问题)! |! I4 R0 h1 u1 E6 y8 C8 ^: M' \" ]
3.Source R27 10.1.1.27 should ping destination R18 loopback 1.100.100.100.0 F. `( F' O7 k" H4 I3 [
RACK30R27#show ip bgp
% D R( q9 ~* r# R8 GBGP table version is 4, local router ID is 10.1.1.276 u6 G) G* C9 A& G
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
) W# G! o6 B' ^ r RIB-failure, S Stale9 k* S3 j2 A. A: c/ s+ U
Origin codes: i - IGP, e - EGP, ? - incomplete" A1 L) |# X5 w5 u W* N5 d
Network Next Hop Metric LocPrf Weight Path0 I/ R* I8 N1 N; k* a( j
*> 10.1.1.27/32 0.0.0.0 0 32768 i
9 P t( M# H% X6 C3 {r>i10.1.1.31/32 10.1.1.28 0 200 0 200 i
! f. |% ~. ^/ [- g( QRACK30R27#
8 i6 o P1 Z, @5 O//我们可以看到R27无法收到来自R29的IBGP路由,并且路由到了R31就就无法在走下去。
* n+ ?% L* R/ Q//R28调整了local-preference, 但是这不影响路由的接收。; _7 {) F' ]( {/ S5 o9 ^$ r
//去R29上查看邻居建立情况,去R31上查看邻居建立情况。
* A6 {0 n+ x+ RRACK30R28#show run | b r b; s3 h; M# T" d4 r& L, D5 {
router bgp 300$ H. [4 _, t! C$ x7 |7 f
no synchronization
! N( M- Z$ D6 ]* ^ bgp default local-preference 200; p# z1 K C7 u, T7 Y
bgp log-neighbor-changes) }; r5 L8 x: A
neighbor 10.1.1.27 remote-as 300/ m8 M+ B4 j$ K3 z
neighbor 10.1.1.27 update-source Loopback06 _9 f! |8 e! |% y$ _6 k
neighbor 10.1.1.27 next-hop-self
% J7 K" c3 T& F& ]8 U neighbor 10.10.78.7 remote-as 200
% }6 E& L+ W+ _9 z no auto-summary
9 i& e2 Z& b8 q+ V$ k, Z) ^RACK30R29#show run | b r b
5 [& e+ G3 C' c, n6 erouter bgp 300
0 E) b* W( H W( D- g9 T( n no synchronization: R2 n# f; n) q J- v: ]# @
bgp log-neighbor-changes
. O$ C6 T- a* P neighbor 10.1.1.27 remote-as 3009 w6 h" W' y- ^. L/ l+ B# h2 i
neighbor 10.1.1.27 update-source Loopback0: Z5 {; g) s7 Y2 x" B6 Y3 ]/ U
neighbor 10.10.89.8 remote-as 200- r6 M7 t. I- f2 n8 K) o
no auto-summary
$ L8 v5 j# J( R//我们可以发现R28和R29都没有对自己的Loopback口进行通告。8 i: F, @9 m9 b( Y
RACK30R28(config)#router bgp 300" s n( x1 L" @- n/ P6 L; {
RACK30R28(config-router)#network 10.1.1.28 mask 255.255.255.255: b1 }# m" h- z1 K
RACK30R29(config)#router bgp 300" D7 A% f3 i+ w+ @$ p
RACK30R29(config-router)#network 10.1.1.29 mask 255.255.255.255, y6 {3 e/ G6 P( o& R( W
RACK30R29(config-router)#
4 B1 Y6 r E; S' C5 p+ r( K6 HRACK30R27#show ip bgp: S" S. r: L$ k8 v/ e+ B v
Network Next Hop Metric LocPrf Weight Path
) W4 v6 M, o: ]; G*> 10.1.1.27/32 0.0.0.0 0 32768 i9 @; w; z7 B* Z9 U5 Q
r>i10.1.1.28/32 10.1.1.28 0 100 0 i
% n; W7 f" U) W. pr>i10.1.1.29/32 10.1.1.29 0 100 0 i
% M6 z* F1 Y& U ir>i10.1.1.31/32 10.1.1.28 0 100 0 200 i
% P @! _: D7 c; u: w2 IRACK30R27#9 C; N+ ^3 n8 w8 j" I. x, ~
//现在R27可以正常收到来自AS内部的BGP信息。查看R31的BGP建立情况。$ H z& k; T' z8 q! B1 ^0 R; s/ f
RACK30R31#show ip bgp summ
: j2 i+ _, K( G1 n" R E/ fNeighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
) |; C! f. V8 O$ T! c: l6 o; e10.1.1.7 4 200 23 29 20 0 0 00:17:29 3
- _9 j3 y; t6 m- u# c. }10.1.1.8 4 200 0 0 0 0 0 never Active
( B0 m& m: V% @ I+ S, Y10.1.1.30 4 200 22 27 20 0 0 00:17:25 4% N# p ?5 a6 t' w7 o5 i/ x
RACK30R31#
1 s' ^8 P$ q; o' W7 JRACK30R31#show ip bgp
9 p# b: i2 C- i3 W+ g8 A Network Next Hop Metric LocPrf Weight Path# m$ q: z, t: H" E% I1 D' o8 i
*>i1.100.100.100/32 10.1.1.30 0 100 0 100 100 300 500 600 i3 m Z. j8 C" i% _ L; F- O/ ~/ Z
*>i10.1.1.27/32 10.1.1.7 0 100 0 300 i
6 d! C( T D' Q% K" e3 [+ F*>i10.1.1.28/32 10.1.1.7 0 100 0 300 i
9 h! y J$ D* x, Y5 \*>i10.1.1.29/32 10.1.1.7 0 100 0 300 i
9 o3 W8 p& b! Z. d9 b0 t* i10.1.1.31/32 10.1.1.30 409600 100 0 i6 a2 l: j2 }9 s: M' c' S) D' m; j& P
*> 0.0.0.0 0 32768 i
; X3 N0 \" r9 P" z5 ]3 R/ `*>i10.10.18.1/32 10.1.1.30 0 100 0 100 100 300 500 600 i
& ]# ?5 g$ R3 K0 x! o+ c*>i10.10.18.2/32 10.1.1.30 0 100 0 100 100 300 500 600 i
& R0 x0 }2 f# i: S! R& t! eRACK30R31#
" k/ `7 c4 S3 w: w9 H1 x//R31没有和R8建立邻居关系。
: a4 u. w! e5 M(如果题目要求仅仅为了ping通1.100.100.100,那么其他问题就不用解决,只要有路可以正常通信就可以了)
4 n; g& E/ ^7 Z: G! J//BGP邻居表中,R31收到了来自1.100.100.100的路由,路径的顺序是AS 100 300 500 600。0 v4 B' H c: W0 E- k+ `9 U
我们知道R27是处于BGPAS300里面,但1.100.100.100这条路由已经经过了300这个AS。% N" u9 A0 ?# h( K, Y
因此这个路由信息当发送到AS300后,AS300里面的路由器就会把这条路由DROP掉,因为它们收到了一条或许来自于自己AS的一个路由条目。 k* u, o' S3 Y
RACK30R18#show run | b r b
, s, z$ S2 D( k* \router bgp 100: E1 I9 `/ w4 ~$ y
no synchronization
( @5 c# R7 S2 d( s, N# ? bgp log-neighbor-changes
; H5 R8 c0 W, c( i' y network 1.100.100.100 mask 255.255.255.255
* a" d& f+ d( v5 C2 v' n8 B& M network 10.10.18.1 mask 255.255.255.255" z# t. Y4 T. A$ O
network 10.10.18.2 mask 255.255.255.255- {! T- d# J6 W$ r; S
neighbor 10.1.1.19 remote-as 100% ^6 F4 v2 b$ c0 B {
neighbor 10.1.1.19 update-source Loopback0- d5 y8 F+ L z% P8 W- R
neighbor 10.1.1.19 next-hop-self% U' I( T% C" Y+ s- t! {2 Z
neighbor 10.10.183.30 remote-as 200
, s }( @0 {/ N1 C neighbor 10.10.183.30 route-map AS out
% ^7 D; x* x U7 L5 p+ D% F8 E no auto-summary I7 R/ ?3 T. K. D
!8 e# @" Z5 m* t3 D% f
ip http server
! {* f& n2 W$ p' B+ }1 y+ \+ bno ip http secure-server
0 d. R( Y8 w3 a- \!6 s' k( ?. {2 a2 }. Q6 |
!: L" E* G4 ~6 \* R o
!
; `7 X: }$ b7 a$ b! U: h8 G! Daccess-list 10 permit 10.10.18.2" ?: E4 R. q/ q- G8 Z5 L
access-list 10 permit 10.10.18.1; P' B4 `, j4 y7 R
access-list 10 permit 1.100.100.100
5 o$ b: N' Z) y7 g!1 E) _& x1 {2 h" o# p) H
route-map AS permit 10/ `2 @0 r2 K0 j5 m& G8 B; P
match ip address 106 }6 Z7 V; q' l5 G8 G2 R
set as-path prepend 100 300 500 6002 t" C. [) W! C2 k! w% `
//我们在R18上发现了1.100.100.100的起源路由器,并且通过route-map对路径进行了设置。
% t& c5 e6 N8 w; h//为了不要更多的更改路径属性,所以我们仅把这个AS300给NO掉就好。
! u9 {$ e. p7 A c( |" vRACK30R18(config)#route-map AS permit 10; a/ E% v$ L( Q9 S3 W% h
RACK30R18(config-route-map)#no set as-path prepend 100 300 500 600
2 B) T% |5 i9 w4 |RACK30R18(config-route-map)#set as-path prepend 100 500 600$ h) B4 z% m5 f% w \
RACK30R18(config-route-map)#: M* O2 Z, _1 J9 M
RACK30R18(config-route-map)#do clear ip bgp * so- V: T# [' c* X( E) ~: L
//配置完成后,清一下路由表,让BGP路由信息尽快生成。
, f0 o! D0 y. v//去R27上面看一下BGP路由表情况。
, U& T, f. v8 M8 K9 f' O: i Z: IRACK30R27#2 _! e, b8 P6 T% v" \
RACK30R27#show ip bgp
& C4 p1 B$ P; a* h0 @7 h: b/ ? Network Next Hop Metric LocPrf Weight Path$ l& b7 A7 j3 t
*>i1.100.100.100/32 10.1.1.28 0 200 0 200 100 100 500 600 i0 T% ^0 a, b$ A8 e. l- `; B
*> 10.1.1.27/32 0.0.0.0 0 32768 i( F$ ?# v1 H! ^( Q$ Z
r>i10.1.1.28/32 10.1.1.28 0 200 0 i' ]% h* [* ], @! }( i9 z) O& p* ]
r>i10.1.1.29/32 10.1.1.29 0 100 0 i* q3 s; J, t+ j+ N. L0 C: t
r>i10.1.1.31/32 10.1.1.28 0 200 0 200 i
) ?$ s2 | M3 k% N6 I- L# Z*>i10.10.18.1/32 10.1.1.28 0 200 0 200 100 100 500 600 i$ R% }( g! O1 Y& J6 J* I$ R
*>i10.10.18.2/32 10.1.1.28 0 200 0 200 100 100 500 600 i3 M& ?. K G+ m4 ~! a% i1 s
RACK30R27#1 {1 D: a. u9 } I4 B ^
RACK30R27#ping 1.100.100.100 sour 10.1.1.27+ _' w8 K8 A; h+ l! N5 k+ R0 M
Type escape sequence to abort.$ A& k' e4 b1 g4 R
Sending 5, 100-byte ICMP Echos to 1.100.100.100, timeout is 2 seconds:6 W0 h$ @& w; I) E; ^
Packet sent with a source address of 10.1.1.27/ l' d9 T4 p4 S# p
!!!!!) {( u$ L6 J- M9 o
Success rate is 100 percent (5/5), round-trip min/avg/max = 56/112/156 ms
4 w4 W) b! V# T% _RACK30R27#& q% |; C9 O! O2 V" z
4.R9 should use loopback 10.1.1.9 to telnet 10.1.1.10(pls do NOT remove and modify any command ).4 g; j( s( A7 M& c9 N; v" T
R10>7 X% h3 T2 K8 g1 P! ?0 R
*Mar 1 00:00:38.355: %PIM-5-NBRCHG: neighbor 172.16.14.26 UP on interface Ethernet3/0
! m8 |# Q( S1 T*Mar 1 00:00:38.367: %PIM-5-DRCHG: DR change from neighbor 172.16.14.25 to 172.16.14.26 on interface Ethernet3/02 Z. O6 l s* i+ N- ]
R10>
: y" U8 F# F1 |3 G9 k( G ^8 A*Mar 1 00:00:50.327: %OSPF-5-ADJCHG: Process 1, Nbr 10.1.1.9 on Ethernet3/0 from LOADING to FULL, Loading Done" S0 V1 V b( J2 }; E5 w6 \8 D
R10(config-line)#do show ip ospf nei8 h \$ m" j1 G. h
Neighbor ID Pri State Dead Time Address Interface
0 ~7 {+ `& T+ o. U! j, |1 q10.1.1.9 1 FULL/BDR 00:00:32 172.16.14.26 Ethernet3/0
2 q8 }/ s" ]" B6 a//开启R9和R10的时候,出现了以上提示。首先确认R9和R10的邻居是否正确建立。
* l8 @# f( L3 k9 O1 W6 C//然后查看R10的VTY端口是否配置了某些阻止TELNET的命令。4 C& G0 F, \0 b# j4 }/ B
R10#show run | be line5 v. C4 t4 Z' O: j+ Y
line con 0
$ y2 H* Z- P7 g5 Z( s2 |8 W/ o# K exec-timeout 0 0
% L, ~* `/ U0 B: ~0 N, l/ ? password cisco- ]- j1 G7 G) e9 x8 a `$ Z+ X
logging synchronous
; Q# G; I" S- h# q2 ]3 D$ J6 Oline aux 02 }- E1 W9 m: I2 f" a6 f# y
line vty 0 4. r" a1 t9 p# z2 W- B" M2 @
exec-timeout 0 0
4 l" @; S% X4 O/ V3 o! p password cisco
7 p% w+ [. l" s" j logging synchronous C7 g' }# R8 O, A q+ c% Q1 }& E- }' g
login$ |2 U |; e! j
transport input none
& h: _2 F( m* }. s# ]' M!
+ m$ ?; T! X% \% H1 {. @* m& l4 z!) Z) C2 P- w1 P/ {' k& F0 D+ V
end
# J1 S' c% I: w2 {0 o//通过VTY进入的时候,没有方式允许。1 n- G, V4 b2 i t F
R10(config-pmap-c)#line vty 0 4
4 E! g( G( x' T |" b, k1 J& ER10(config-line)#transport input telnet
! N3 g# V1 ~$ I
" \/ l$ e1 D0 N* i5 \& f# z//查看R10的访问列表,是否执行了阻止。4 T% N+ |$ [% a, G1 G: q
R10#show access-list
$ w" n: D& M6 e8 C# M! w8 LExtended IP access list 100
5 ?, ~8 b1 B% c1 N8 P* r) `7 e 10 permit tcp any any eq telnet (12 matches)
6 u7 P o6 i6 K; t- rR10#show policy-map
6 d6 c- V5 u0 J* p7 P% K: f5 H Policy Map TELNET; f1 C0 L/ z# M- v( x3 c7 z9 A
Class TELNET
, f7 R6 W% C6 W2 k8 N4 N! E drop
, x3 m+ J5 F3 M1 J& e Policy Map marking
3 c* j5 [1 r6 K3 r) A//因为题目要求不能删除或者修改现有配置,但可以增加新的ACL。
+ @* j8 e: i0 o) v- K! V5 `, A 因此我们就按照现有的配置增加新的ACL,让其匹配policy-map。( L) X! U2 n8 q& z4 f
R10(config-ext-nacl)#do show access-list
) ]* d$ x% g1 Z4 z! g" \Extended IP access list 100
1 u$ N: e9 z% l/ }1 ?* s* m! K3 T) P 10 permit tcp any any eq telnet' [% {" e5 V% I! _: b+ w3 U
R10(config-ext-nacl)#
8 C! Z, S. N: V7 [+ j//我们在此插入一条,acl 5上去,让policy-map先匹配更精确的5,从而不匹配10 的那条ACL。
/ `, Z! j! q" S; K) F7 xR10(config)#ip access-list extended 100( H5 {4 u/ p8 m1 s) ?8 ~* q0 r
R10(config-ext-nacl)#5 deny tcp host 10.1.1.9 host 10.1.1.10 eq telnet
+ J/ b& A$ v3 b# V) U# o3 U5 bR10(config-ext-nacl)#do show access-list
9 D& B `* d! WExtended IP access list 1003 F/ _ _5 W0 H4 g
5 deny tcp host 10.1.1.9 host 10.1.1.10 eq telnet5 }, W# _7 p. y& V7 f
10 permit tcp any any eq telnet
# S2 g7 V, j* W, l//进行telnet测试# S: f5 w o6 D& U' h# M" p
R9#telnet 10.1.1.10 /source-interface loopback 03 |( s$ Z# X. v4 y' Q; {$ F( T& d
Trying 10.1.1.10 ... Open7 L" f$ f9 N* i
a4 _ [9 J# F5 [+ t* OUser Access Verification
0 P% K2 P- ~, t/ MPassword:& J* d9 `% o/ ~6 k7 x5 o
R10>exit
! n$ T# |9 W# Y) l& S+ B5.R15 should ping R13 and R14.
: E1 f3 K5 c/ @! JR15#show fram map( P2 E1 e+ T; R" x) G! T
Serial1/0 (up): ip 172.16.13.2 dlci 314(0x13A,0x4CA0), static,
. B" w6 d! x& b4 ^- P ` broadcast,
+ O" \" d( |# J% D. x) g+ N. y" g CISCO, status defined, inactive
0 S5 Z9 B) o' t- _. W" }# I8 USerial1/0 (up): ip 172.16.13.3 dlci 315(0x13B,0x4CB0), static,( I6 G* N! B" ^, q* M& s
broadcast,4 X2 ]* P$ S7 r. w! E
CISCO, status defined, active
' ]- Y. u; [/ e4 p, v' G9 ~9 \R15#
" G3 {8 k4 f5 c& X*Mar 1 00:01:14.959: %OSPF-5-ADJCHG: Process 1, Nbr 10.1.1.13 on Serial1/0 from EXSTART to DOWN, Neighbor Down: Dead timer expired
' D( T( G q! n+ a6 e9 h% W2 N*Mar 1 00:01:15.067: %OSPF-5-ADJCHG: Process 1, Nbr 10.1.1.15 on Serial1/0 from LOADING to FULL, Loading Done
6 e/ Q y- k2 B$ D9 d- N# xR15#show run int s1/06 z6 X q3 N' p4 w3 w1 o7 ]5 M
interface Serial1/0
8 R& ~% b, j5 E6 g ip address 172.16.13.1 255.255.255.248' |9 j4 K! F( \8 ~6 ?* y! [
encapsulation frame-relay
: c! N* v0 m& H* Z" }2 f; m ip ospf authentication message-digest
% M, u; n8 ~: a4 b2 r ip ospf message-digest-key 1 md5 cisco
0 @; }* Y7 }; Q) `; R ip ospf network broadcast7 ^, W" W1 X" Q
serial restart-delay 03 e. D" n# V4 i1 M2 D: D a
no fair-queue
8 G# P, m; ?7 D6 Q7 D v frame-relay map ip 172.16.13.2 314 broadcast) s$ b& P) {# g" {
frame-relay map ip 172.16.13.3 315 broadcast
2 m! {9 z7 A& X( K @" e frame-relay lmi-type cisco2 N( y# @; s9 N/ O7 [+ C5 v2 {
end
- a3 m+ j; Q; j1 P% ER15#
) D, |( a6 l% t4 d# J8 R6 {1 W# t# o//在R15上查看frame map可以知道R15和R14成功建立,但无法和R13建立。6 P% v7 R. w, _
R14#show fram map
) L6 v& n. L8 g9 E+ zSerial0/0 (up): ip 172.16.13.1 dlci 351(0x15F,0x54F0), static,
7 K5 o+ {% H- z ~0 x/ i: ]; ^ broadcast,
% y. ~+ D4 i9 F, E CISCO, status defined, active% W4 D' {5 ^9 K' r$ N" n, B0 ^+ m Z0 W
Serial0/0 (up): ip 172.16.13.2 dlci 354(0x162,0x5820), static,, }& ~8 w" ]* N, Z, o! ~
broadcast,4 L. o! ]! h4 I# x4 d
CISCO, status defined, inactive! W" Y3 r3 t. P" z/ g T/ ]
R14#show run int s0/0
. v9 r% u+ Q; K" L: {& Q& _: pinterface Serial0/0 w- a' @% ^% i. }7 a5 I. j) S
ip address 172.16.13.3 255.255.255.248+ ~! P) Y* i5 g
encapsulation frame-relay
) n' W+ b) O" j ip ospf authentication message-digest
( q# t7 L2 X" C% b ip ospf message-digest-key 1 md5 cisco
7 D, Z3 J0 u! L' j ip ospf network broadcast
- `1 `' C+ ^6 q serial restart-delay 0
1 ?& T, S0 J1 u% g5 f4 t' m no fair-queue
. j0 Y: ^) ]/ \* v1 Q& A) e3 O frame-relay map ip 172.16.13.1 351 broadcast9 _" N! Z% g8 B* n
frame-relay map ip 172.16.13.2 354 broadcast% [# L6 N/ @% i% ?0 k, Y
frame-relay lmi-type cisco
4 k4 Y' _; Q" g" p6 b9 Fend
2 V5 ^- i* @# v e% [$ I! g4 k4 G9 _R14#
4 d- b. P/ | P; C/ t, q//在R14上查看frame map可以知道R14和R15成功建立,但无法和R13建立,所以问题直接上R13去查看。
! h) u7 \; O* N! J4 F& ?4 S7 o4 O7 M$ tR13#show fram map
: x) T- G; t) I" q; \; H, SSerial0/0 (up): ip 172.16.13.1 dlci 341(0x155,0x5450), static,) n2 p$ ?) I6 m# h
broadcast,4 E) q2 i6 V, j! q8 v3 _
CISCO, status defined, inactive3 Q* O) {; Q; F: O6 K
Serial0/0 (up): ip 172.16.13.3 dlci 345(0x159,0x5490), static,; G* R" G; D3 N2 c! }
broadcast,
+ T6 Q C5 d( {* ~1 b" G6 p CISCO, status defined, inactive8 f$ [" e2 J2 Y- `
R13#* J% E" s1 l9 ?9 d: g2 t4 F
R13#show run int s0/0
1 O) B/ N) a% i5 `interface Serial0/0, P5 Q# c! j0 o9 ]( W) j9 f4 P
ip address 172.16.13.2 255.255.255.248
+ j) Z3 I- H+ u/ N* g* W( N encapsulation frame-relay/ l6 N& j% D- ^4 N6 B. f. x- l# U
ip ospf authentication message-digest
$ }* ]! @, O# {! d ip ospf message-digest-key 1 md5 cisco9 E* X; F! O. H% \' j5 o
ip ospf network broadcast. n, s c' z' V, R
ip ospf priority 255
5 D8 C7 y; C7 b' e) d3 x! D serial restart-delay 00 O0 U5 Y" u0 r
no fair-queue. V& P) r% ?5 j9 S
frame-relay map ip 172.16.13.1 341 broadcast
9 e: U0 v! d a2 e frame-relay map ip 172.16.13.3 345 broadcast
1 S+ P \9 d' z. i6 P+ i; F7 `4 L/ f. @ frame-relay lmi-type ansi0 y: W- ?3 H! J, A2 B( L( e
frame-relay intf-type dce
2 p1 p& M4 f5 J* jend+ m/ N0 a7 f! D: H1 E
R13(config)#int s0/0$ G. i) M% V- X |8 x( U' X1 V0 ]
R13(config-if)#no frame-relay intf-type dce5 D* T5 [1 k, c4 L- ]
R13(config-if)#no frame-relay lmi-type ansi
7 K: E. n% ~7 x& O; J* Y. iR13(config-if)#1 Y- B* u9 d! D i( p3 ~& i& B
*Mar 1 00:04:07.151: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0, changed state to up
0 h ]) T0 L$ Y& IR13(config-if)#do sh2 l. p9 D$ N1 E0 ~( v. a, |! W
*Mar 1 00:04:36.947: %OSPF-5-ADJCHG: Process 1, Nbr 10.1.1.15 on Serial0/0 from LOADING to FULL, Loading Done& _. u6 P: \7 W* K& F7 e
*Mar 1 00:04:37.283: %OSPF-5-ADJCHG: Process 1, Nbr 10.1.1.14 on Serial0/0 from LOADING to FULL, Loading Done+ w: H7 V! j" [2 r2 N0 a5 N
//假设FR无法进去配置,那我们有应该让删除所有帧中继非默认配置,好让frame-relay自动协商成功。+ {: T4 V7 e" y5 E* R+ n& K( l
R13(config-if)#do show ip ospf nei
& K0 ~ c) B, V/ a( {( @Neighbor ID Pri State Dead Time Address Interface. h: F' ~+ M1 b0 I6 E" x
10.1.1.14 1 FULL/BDR 00:00:38 172.16.13.1 Serial0/0
, C; T8 @3 u8 O2 _10.1.1.15 1 FULL/DR 00:00:38 172.16.13.3 Serial0/0
8 j) p, v* ]: o# |" {$ z3 n# fR13(config-if)# v/ w8 l n$ z# \
R15#ping 172.16.13.21 I9 z2 c/ e$ W, a2 K h
Type escape sequence to abort.- U, Q k5 \' n' v
Sending 5, 100-byte ICMP Echos to 172.16.13.2, timeout is 2 seconds:4 e! j! s. z/ t. x3 m3 h
!!!!!/ N. w) ~: V9 v6 q4 u1 u- M2 b# D
Success rate is 100 percent (5/5), round-trip min/avg/max = 20/44/60 ms
4 f7 n" Q, r o+ cR15#ping 172.16.13.33 H/ }# @& E0 J3 X* t# |; _' E# k
Type escape sequence to abort.
$ Z. H9 A! `& l9 q' w& J XSending 5, 100-byte ICMP Echos to 172.16.13.3, timeout is 2 seconds:
6 M4 O3 ~1 f& E. V/ N; Q( b!!!!!) T: B$ S5 e8 M4 ]$ g* B
Success rate is 100 percent (5/5), round-trip min/avg/max = 12/42/64 ms
- C5 C2 m$ d# o$ a& E& {R15#
, F5 T$ U$ y4 X" K3 f' P7 s. n6.R24 & R29 should ping R10 FTP address 10.1.1.10.
+ j$ L [! y! I) [//这个题目包括了很多意思和内容。
, T" }+ G" _" G1 X 首先是R24的问题,R24有个EIGRP负载均衡,是否需要解决,取决于题目的要求。
. e1 f& Z0 L3 N2 `* E: z. z, B 在这里我会解决负载均衡的问题。, D$ f0 u# \7 }- V3 F8 o8 h
其次,R24和R25中间的帧中继问题。
; ~& R7 L- J |5 [ N5 {& r( U 再次,R25和R29的串口问题需要解决。$ H. D8 P6 H2 D! o
最后,R13到R10的链路,是否可以正常通信,是否有访问列表阻止。
7 P* S5 f S6 g: l: v! K6 W, S- Jsolution1:R24 和 R21 负载均衡问题。(与第七题一样,这里提前解决)
3 J' t% G ~/ H9 X- B S/ O$ [R15#show ip int br
5 K7 |( v. Q- AInterface IP-Address OK? Method Status Protocol, z" r6 N2 |4 b7 V
Ethernet0/0 172.16.13.29 YES NVRAM up up
. q7 s! r. S/ x//这个接口是连接EIGRP的接口。 5 e; f7 w- l9 Y+ t
R24#show ip route
4 U2 y, c8 @$ R! Z' l 172.16.0.0/16 is variably subnetted, 7 subnets, 3 masks* W6 m7 L% e& o6 u
D 172.16.10.16/29 [90/307200] via 172.16.10.11, 00:06:15, Ethernet0/0
7 a: t; m% |: n/ t3 X! v' b+ z4 pD 172.16.10.24/29 [90/307200] via 172.16.10.10, 00:06:19, Ethernet0/0& g0 c4 U4 |0 X/ N# C
//到达R21的路由通过R22和R23过去,R21 E1/0是.26/29,所以该子网内的主机是25-30。- v3 S K' W5 |/ N7 Y5 a0 n/ f: z
R21 E2/0是.22/29,所以该子网内的主机是17-22。
; S( f$ ]6 T. g: u* U* o 因为地址不重叠关系,R24去往R21是通过两条路由标识。
0 s: Z( m+ L) f" |7 W, m9 {' L: ? 查看R21的接口配置,看看R21返回R24的路是否负载均衡。
. ^$ K6 t$ z8 ]% H/ r3 P4 \0 ?R21#show run int e1/0! e' R6 }' ], K: q8 i
interface Ethernet1/0
& i2 z( n9 d7 H+ Q* M$ { ip address 172.16.10.26 255.255.255.248
6 z6 f/ M. _& S/ \ half-duplex- x) @; `9 M9 n: w* Z
end0 A; ]+ \; d9 }% V o* s
R21#show run int e2/0
3 o Q) [$ s& _8 [5 |! T y0 ?interface Ethernet2/08 q/ r7 y* ?3 _# v/ M5 W
bandwidth 1000000
. Z$ p' L- _( @4 t* f ip address 172.16.10.22 255.255.255.248
/ t: a+ K. v! j- R6 ` half-duplex
) L# _; k! o: Eend A: F# M: `1 [; ^- X- L: ~
R21#
; f& Z1 o, j" J1 z2 q6 E; }//可见R21对R23的端口做了带宽的设置。3 y- J( L9 A8 i3 N/ q- y) m
R21(config)#int e2/0* i9 G3 ~+ v& l# c" q7 _, _
R21(config-if)#no bandwidth 1000000# P3 @* A3 r: |
R21(config-if)#
( Y* i$ x3 C+ fR21#show ip route
2 P# s( t& v) R2 u( |# OD 172.16.10.8/29 [90/307200] via 172.16.10.21, 00:00:05, Ethernet2/0
# Q! m: |* l# g- `( f//去往R24的路径还是没有变化,其他设备查看接口配置情况。, i$ m1 q5 J8 P: [" f5 ?
R22#show run int e0/0
! _6 x$ |$ i# e2 ~+ ?" sinterface Ethernet0/0/ I, f& ~* g# `2 |+ P# t8 ~* }; O) K
ip address 172.16.10.10 255.255.255.248
/ w4 @( c, |9 Q5 u delay 200" r; R9 f7 w$ c
half-duplex( W1 e1 b. W+ n6 P0 J$ X W: P# Y
end
4 P( N* i$ B8 ~9 x5 ^) Z" z* B" }R22#9 ` m) m+ k4 u; u# O$ Y
//在R22的接口上面做了延迟,解决它。
; d. S$ n `1 v" O0 x) B9 XR21#show ip route& c2 K. h+ s& d+ ~4 D1 I6 E8 w0 U
D 172.16.10.8/29 [90/307200] via 172.16.10.27, 00:00:03, Ethernet1/0& t2 S+ M9 f* o$ e1 W
[90/307200] via 172.16.10.21, 00:00:03, Ethernet2/0
1 H) F% s2 z/ g* g//现在可以实现负载均衡了。
+ n8 H2 `7 X4 n& w) H' ~- U: Tsolution2:R24和R25的帧中继问题(以前是帧中继问题).
* h$ | w \5 U; OR24#show fram map$ Z7 Y( F6 T9 O w( ]
Serial1/1 (up): ip 172.16.10.77 dlci 809(0x329,0xC890), static,3 a) ]9 P5 g$ I
broadcast,
7 d( l; z4 k. Y7 Y# w5 y CISCO, status defined, active
/ L# `. \4 u' i% k7 Z0 O0 ISerial1/1 (up): ip 172.16.10.78 dlci 809(0x329,0xC890), static,
" R& B: ~! H6 G. v b; w! e9 Z broadcast,
9 f4 M- _- v$ o CISCO, status defined, active
; ^3 [9 e, {5 t6 o) L) _R24#
8 V, W6 y( ^; qR24#ping 172.16.10.78# q5 G8 D5 ?* v
Type escape sequence to abort.4 \5 `8 A4 H1 u3 B1 }/ P
Sending 5, 100-byte ICMP Echos to 172.16.10.78, timeout is 2 seconds:
1 X/ f* I+ J' ~2 w2 _9 G" P1 ]!!!!!
- V- o( h/ g. f* ?, U& o; A3 kSuccess rate is 100 percent (5/5), round-trip min/avg/max = 20/36/80 ms9 C$ z1 v8 v' A- f& s! r( e
R24#ping 172.16.10.77& g8 e6 J; E) Q+ j" Q" i8 w+ h7 u4 M
Type escape sequence to abort.$ X# b/ w, g0 V- d
Sending 5, 100-byte ICMP Echos to 172.16.10.77, timeout is 2 seconds:4 ?3 k& k: y6 x+ a+ M" d
!!!!!% R0 j# b4 ?9 _' O# U" ^
Success rate is 100 percent (5/5), round-trip min/avg/max = 40/62/88 ms' V3 C2 J% Y! z/ C
R24#
+ X% x" o$ y; K% E1 D: Osolution2:R25和R29的Serial 问题(以前是MPPE问题)., ^7 [; K) `3 o! U9 }
R25#ping 172.16.9.2
' p6 w. _% Z- T3 UType escape sequence to abort.6 _' \. o4 ]; _9 k. a/ h4 q
Sending 5, 100-byte ICMP Echos to 172.16.9.2, timeout is 2 seconds:
: H3 `) y: T* g( O Z!!!!!, n$ m0 H) A" U
R29#show ip route$ Q: n+ \% k; b; b, _
172.16.0.0/16 is variably subnetted, 2 subnets, 2 masks2 a! @5 T# b6 x/ W3 _
C 172.16.9.1/32 is directly connected, Serial1/0
9 ]3 K# x& W; y4 i' E' WC 172.16.9.0/29 is directly connected, Serial1/0) r5 x* A5 r4 C) v) t: Z
192.168.20.0/32 is subnetted, 1 subnets$ C3 U! I1 _, ]( |, F6 ]
C 192.168.20.1 is directly connected, Loopback1+ y6 I! {; I; N/ w
10.0.0.0/32 is subnetted, 1 subnets
0 k, M8 C9 @+ q, ]* Y# K9 mC 10.1.1.29 is directly connected, Loopback09 t+ U3 E8 v. P
//R29只有直连路由,并没有学到EIGRP内部路由。检查协议情况。+ c* c6 {: w2 ~! h) U% x
R29#show ip pro8 p c2 G( H( n' S0 h9 A( c
Routing Protocol is "rip"
D1 v) Q# K7 u0 p) o Outgoing update filter list for all interfaces is not set
8 t$ [+ K! s6 `, S/ a( D7 M$ K5 p Incoming update filter list for all interfaces is not set
$ m5 G B& x8 N. x+ A, d, H Sending updates every 30 seconds, next due in 20 seconds2 b+ R8 i8 v" l
Invalid after 180 seconds, hold down 180, flushed after 2407 _, v8 v5 i$ [; g. O
Redistributing: rip
2 }4 Q' ?# t6 P G4 n% j Default version control: send version 2, receive version 2+ c {. }/ }: ? S9 ?2 M8 Q$ s
Interface Send Recv Triggered RIP Key-chain
0 q# ^/ Z3 i/ ` Serial1/0 2 2
- ~& R) x6 l' A B$ h! W1 k, G Loopback1 2 2! B4 C) c# v- C; U- D8 w
Automatic network summarization is not in effect
/ ?, X% L- U# B4 ?# j! @$ x9 _ Maximum path: 4
, t" ]& V4 m' q1 X$ a3 |, ^. v+ F Routing for Networks:. g2 E" n" y' @3 ~$ A- t
172.16.0.07 v, C8 q P' J
192.168.20.01 N5 q$ W) Z# H9 G+ g4 Q/ i& m
Routing Information Sources:1 b1 S" @/ `6 Y! n' D6 A
Gateway Distance Last Update
6 j: }* W8 g" |6 ~- ^ Distance: (default is 120)
* E- L6 G0 d3 Q# LR25#
2 k; Z4 I. b; y& k7 L0 jRouting Protocol is "rip"
4 H2 S0 `5 t# z6 p4 u" H Outgoing update filter list for all interfaces is not set& U2 h/ g& X! H# h& h: s* m4 Z* o
Incoming update filter list for all interfaces is not set
0 j1 v1 l, `6 P7 @3 _6 e Sending updates every 30 seconds, next due in 14 seconds7 ~! A% P: P: g. B7 x/ p! |; n
Invalid after 180 seconds, hold down 180, flushed after 240
: D! i- O: s' S! c% M Redistributing: eigrp 200, rip6 b' o; K7 i2 v
Default version control: send version 1, receive version 1
6 V8 @* P2 F. k! ] Interface Send Recv Triggered RIP Key-chain$ t2 d J7 w# I+ _( _/ c; x
Serial1/0 1 1 R" R* M. i- P# G
Serial1/1 1 14 d, j8 @ ?/ V: a1 u9 H
Automatic network summarization is not in effect
: I0 M$ W7 ]" U1 b" C Maximum path: 4
e2 z$ o" Z3 y Routing for Networks:
& n8 j% [2 z# }! Z* N2 Z 172.16.0.0) Y* _. |/ L8 H! r
Routing Information Sources:
3 B9 C9 N+ Q# _4 B9 a9 S9 Y7 C Gateway Distance Last Update
$ W/ P) M0 \6 \$ A9 G) Z Distance: (default is 120); U& [1 I+ X0 s, H% W
R25#
. B$ V" J' ?, ?* B& ~//R25和R29发送和接收的版本不一致。2 K/ o1 U: R, |! ^$ V
R25#show run | be r r1 P5 h- u4 B; P! y' t
router rip3 Q$ s# U0 ~% ^! J
version 1/ s2 ]4 n) q# t8 W
redistribute eigrp 200 metric 2; \5 X9 A# |4 s- H4 |
network 172.16.0.0/ ~% ^" M7 M% \2 U7 W% f0 w
no auto-summary
N* K" P/ d6 g4 e5 BR25(config)#router rip* u6 C A3 e. p2 @) m
R25(config-router)#ver 2
! @* S% c* j- fR25(config-router)#5 L+ o6 N% j/ s' }9 w: W- W
R29#clear ip route * //加快刷新路由表速度。
% N3 I P+ P( N" r fR29#show ip route! V* h! H! K0 F; j+ q
172.16.0.0/16 is variably subnetted, 6 subnets, 2 masks
% b# a, L* j9 c3 G0 V- _6 w4 WR 172.16.10.16/29 [120/2] via 172.16.9.1, 00:00:01, Serial1/0
% F1 O/ ?" j. H3 L+ ]& z8 }R 172.16.10.24/29 [120/2] via 172.16.9.1, 00:00:01, Serial1/0
* f2 I. x! x$ z4 z# s9 }C 172.16.9.1/32 is directly connected, Serial1/0+ A) Y) v; L% C" @7 _2 N
C 172.16.9.0/29 is directly connected, Serial1/02 F) x x5 P( x! |2 D
R 172.16.10.8/29 [120/2] via 172.16.9.1, 00:00:01, Serial1/0; K" c7 ?+ I$ \
R 172.16.10.72/29 [120/1] via 172.16.9.1, 00:00:01, Serial1/0; S) u! x1 M ^3 v" L' j
192.168.20.0/32 is subnetted, 1 subnets
$ U% J; ?: t2 c9 J8 fC 192.168.20.1 is directly connected, Loopback17 N6 _6 e4 ^6 x4 ]
10.0.0.0/8 is variably subnetted, 3 subnets, 2 masks& Y% t" K7 C( q" p% m
R 10.0.0.0/8 [120/2] via 172.16.9.1, 00:00:01, Serial1/0
2 e7 W" ]/ a4 p; [# a# a1 rR 10.1.1.25/32 [120/2] via 172.16.9.1, 00:00:01, Serial1/0/ B4 P5 A% ?" O' Z
C 10.1.1.29/32 is directly connected, Loopback07 j- f% M& P5 C' W$ K
R29#
1 `5 c2 _5 q, H" H7 p//R29目前只能ping 到R21的EIGRP端。
) f7 h$ L3 g; y 检查R21的重发布问题,为什么EIGRP收不到来自OSPF的路由。& N' V! W3 P0 g
R21#ping 10.1.1.10 //R10的Loopback口
( b( U: V- g3 p% Q& I/ Y( Q6 [Type escape sequence to abort.' U/ p& T0 V+ C/ P4 `4 U5 W
Sending 5, 100-byte ICMP Echos to 10.1.1.10, timeout is 2 seconds:$ s, ^- @6 O) K, H0 r. J
!!!!!. P# Z p: b1 R
Success rate is 100 percent (5/5), round-trip min/avg/max = 52/67/80 ms( J J+ E3 Q e& D! L! i! {
R21#ping 172.16.14.17 //R10的物理端口
0 m7 \2 K- B* l9 x, P" [* `8 N% M4 {Type escape sequence to abort.7 {/ U$ k+ k% v- l8 f# y9 R
Sending 5, 100-byte ICMP Echos to 172.16.14.17, timeout is 2 seconds:; k: \+ z) Z- m6 e; v" U9 A& {
!!!!!
/ I1 I& d$ s" @0 fR21#show run | b r e" f/ r3 F, R& N4 u
router eigrp 200
. C% l) d( z5 k& P% F2 `1 j3 ] redistribute ospf 1, D8 M3 ?( ]- m6 K! A! P
network 172.16.10.22 0.0.0.0% @) W: v7 p7 }5 d% P; u
network 172.16.10.26 0.0.0.0
6 j0 u; ?! O2 p' G# B& t# s5 x no auto-summary5 E! U# [0 G: h( p; K
!3 k/ i/ }0 ~# X; d! X- S! O
router ospf 1
& j# [$ O1 b H log-adjacency-changes
], |% z7 j! M" q, g; [ area 1 nssa8 }4 o1 x0 _3 {8 a, K
redistribute eigrp 200 subnets' N( t( Y0 T+ R5 N% U1 n K1 `1 E
network 10.1.1.21 0.0.0.0 area 13 E5 J6 x" ^+ ?2 C J; ~6 n* B/ l
network 172.16.13.30 0.0.0.0 area 1
( v" p. r) q6 @4 V/ _# yR21(config)#router eigrp 200$ m5 d( A; u0 L+ d Y
R21(config-router)#redistribute ospf 1 metric 10000 100 255 1 1500$ L- }6 M2 X3 h5 X5 q/ D7 B
R29#show ip route
) z+ m5 J) Q/ d: @1 O- Y* [172.16.0.0/16 is variably subnetted, 14 subnets, 2 masks
; L: u% J: K! H) yR 172.16.14.32/29 [120/2] via 172.16.9.1, 00:00:00, Serial1/00 J4 T: z! V0 S! `
R 172.16.14.40/29 [120/2] via 172.16.9.1, 00:00:00, Serial1/0
& z) n+ `0 y1 P4 wR 172.16.14.16/29 [120/2] via 172.16.9.1, 00:00:00, Serial1/06 N& ]1 j: Y/ F9 V+ s* P
R 172.16.10.16/29 [120/2] via 172.16.9.1, 00:00:00, Serial1/0
7 Y) |( C# X- P7 N& z7 JR 172.16.13.24/29 [120/2] via 172.16.9.1, 00:00:00, Serial1/0
' Z5 ]" J$ W* `; ]; }0 IR 172.16.14.24/29 [120/2] via 172.16.9.1, 00:00:00, Serial1/0
/ Q: r2 b) o7 a: fR 172.16.10.24/29 [120/2] via 172.16.9.1, 00:00:00, Serial1/0
- _% P( F0 ]" V: x3 q0 [! bR 172.16.13.0/29 [120/2] via 172.16.9.1, 00:00:00, Serial1/0
) s+ a, g. z6 H3 o4 MR 172.16.14.0/29 [120/2] via 172.16.9.1, 00:00:00, Serial1/0" \" t2 v5 B$ S- T9 j( v
C 172.16.9.1/32 is directly connected, Serial1/0& z$ t+ N% @" c( @& [9 [" o% g2 J
C 172.16.9.0/29 is directly connected, Serial1/0- p- L' n g+ }) w( b
R 172.16.14.8/29 [120/2] via 172.16.9.1, 00:00:00, Serial1/01 Z& a. ], z# k. w% S- H/ y2 i& w
R 172.16.10.8/29 [120/2] via 172.16.9.1, 00:00:01, Serial1/0' M3 }/ U3 Z5 B. b& T$ P& Q
R 172.16.10.72/29 [120/1] via 172.16.9.1, 00:00:01, Serial1/08 j# J% j Q. U( b+ x) Z. W. _
192.168.20.0/32 is subnetted, 1 subnets5 E8 K4 r0 a) m# }1 \* }/ W3 }7 }
C 192.168.20.1 is directly connected, Loopback1
3 O/ I* k4 a) `. G 10.0.0.0/8 is variably subnetted, 3 subnets, 2 masks h4 j! V8 T% u6 z* _
R 10.0.0.0/8 [120/2] via 172.16.9.1, 00:00:01, Serial1/0
- ?( ~5 L5 E/ O8 G) g* u7 s% @) ER 10.1.1.25/32 [120/2] via 172.16.9.1, 00:00:01, Serial1/0
+ {7 x/ p- x+ ~% {C 10.1.1.29/32 is directly connected, Loopback0
8 J7 D$ r1 |: v- x" zR29#ping 172.16.14.17
* w' y( {: B8 E. GType escape sequence to abort.
! K+ b" o: c4 p' ^- n3 Z, A" pSending 5, 100-byte ICMP Echos to 172.16.14.17, timeout is 2 seconds:
2 e6 l% Y. t2 b! f0 b4 F r8 J!!!!!$ G; p% I4 o( a
Success rate is 100 percent (5/5), round-trip min/avg/max = 64/95/160 ms) `/ t. K7 B, x5 G9 O f
R29#ping 10.1.1.10
' [. ~2 Y( ?& eType escape sequence to abort.
6 D9 p1 }2 E& e7 O& C8 v. {Sending 5, 100-byte ICMP Echos to 10.1.1.10, timeout is 2 seconds:4 s$ a: B8 U1 o* ?& H& ~1 H
!!!!!% x9 a# Q9 t" P
Success rate is 100 percent (5/5), round-trip min/avg/max = 64/108/148 ms8 P0 C& P* b0 W1 P9 p
R29#7 _7 f& U* p0 o; ^
7.R24 forward to FTP server 10.1.1.10 should come true bidirectional load balance.
3 C7 _5 |3 |4 u/ ~7 ~" k! YR24#show ip route
; S _. `! @/ } |D EX 10.1.1.10/32 [170/332800] via 172.16.10.11, 00:07:18, Ethernet0/0
! v# e% p7 }, N [170/332800] via 172.16.10.10, 00:07:18, Ethernet0/03 X* \% d- _- C$ b! k! |
R21#show ip route
5 w4 j0 o" t% ^/ B1 ?0 wD 172.16.10.8/29 [90/307200] via 172.16.10.27, 00:02:06, Ethernet1/0
# E' s4 N O: Z- `; {6 o [90/307200] via 172.16.10.21, 00:02:06, Ethernet2/0( f6 e! W! G3 |6 Y' F* g
//R21和R24的双向负载均衡。解决方法就是第六题的solution19 O9 V) q( R4 h% N R3 X- I
8.R3 is IP multicast server, R13 should ping R3 multicast address success., M. r% d6 {/ S% o" d b
//既然已经知道R3是multicast server,那么这题思路步骤要按照IP multicast的路径一个一个往下游检查。
5 m0 Q/ F* @) _) D, @0 u2 I# ? 如果不知道,就从目标一个一个往上游检查,直到检查到multicast server。% b/ T& V3 U+ W: E
multicast的主要命令有:! @' g* x# L( h
ip multicast-routing 激活多播路由,为了防止路由黑洞
/ o' a+ ^8 I+ d( ]6 o4 S6 C2 `# k: Q ip pim [sparse | dense | sparse-dense] mode 启用模式5 d, y; W; d5 U6 I$ \3 G
ip pim autorp listener 组播监听: B$ ?. l+ d8 ]0 F& a2 R
这些命令都是基本的,必不可少的命令。应该在所有路由器上都可以找到
% O3 L8 L7 e, \, M" r5 CR3#show run | in ip pim
7 l7 y" T+ S& s e. a# v# O+ eip pim send-rp-announce Loopback0 scope 1 group-list 1
4 o5 Q& P( b2 k* @ip pim send-rp-discovery scope 1
6 a1 c) }6 \9 j$ M+ v. J$ W6 d1 TR3#- j" u' h( G* C' T
//pim 跳数限制成1跳,改成16跳。并且查看group-list 1。; T' \- o- Y/ J* W6 @
R3(config)#ip pim send-rp-announce loopback0 scope 16 group-list 1
$ E; [' X, L3 M8 tR3(config)#ip pim send-rp-discovery loopback0 scope 16
2 o" s- h% c1 P3 w1 JR3#show access-list; n5 U ?1 \- j
Standard IP access list 1
# W6 C( e9 f& \; S; u 10 permit 224.1.1.2& m7 l; A9 O2 l8 J! O: F$ C5 i
R3(config)#no access-list 1" U8 H( W& @2 U! ^
R3(config)#access-list 1 permit 224.1.1.15 L- [4 B0 V, Y3 R# c& J" j5 `
R3(config)#
3 b' L! D. ?% x. b5 X( ?+ {//题目要求挂的组是224.1.1.1 所以改回来。
* g0 }$ M) R6 C" M$ p3 K+ H: MR3(config)#do show ip pim rp map
& B0 [# t4 y4 Y# WPIM Group-to-RP Mappings( s) K" F8 t( Y2 ?
This system is an RP (Auto-RP)
& }- D" X* p3 P* l9 MThis system is an RP-mapping agent1 s+ N& M# c; U* [' m# T
Group(s) 224.1.1.1/324 F+ x2 s8 [* n1 H: m. X
RP 10.1.1.3 (?), v2v1- Y% d1 {( \5 l$ A4 s
Info source: 10.1.1.3 (?), elected via Auto-RP
2 }8 B+ X8 J! y5 L) T5 u Uptime: 00:00:45, expires: 00:02:12, j; o& B8 j0 f/ I' u* V
R3(config)#do show run int lo0. W2 a9 s$ S8 a5 j6 D( r
interface Loopback03 P' m2 @4 E" j1 k2 z
ip address 10.1.1.3 255.255.255.255- g, }8 h9 @8 C0 K
ip pim sparse-mode9 C% v ?5 E. H5 A" T
end
! F! p5 Y* F- t8 \R3(config)#
9 G d6 `7 K1 n" g+ j' Z, U//Loopback0应该加入组,做映射代理。0 j* P5 ~/ n0 S4 e/ H
R3(config)#int Loopback08 r& S' A+ J3 o" m6 G
R3(config-if)#ip igmp join-group 224.1.1.17 Q! h! g9 d S* z8 V2 h
//从上面的show ip pim rp mapping可以得知:自动RP u- ~, s Y; Q- m9 h) l. b- `& J9 {
所以所有路由器都应该启用autorp listener
) H. G! f! ^/ r& r 这些就是multicast server的基本配置,接下来往下游逐一检查。
! C0 F: Q, g- b5 |3 K: k% zR5#show run | in ip pim
$ O! y2 W* z- r( R1 d; q8 g, X ip pim sparse-mode0 B q" y) E! }: x0 \
ip pim sparse-mode
# l5 ?- w6 s5 _' J/ i) t- { ip pim sparse-mode0 v6 S% y6 |- d% `
R5#show run | in inter
! W1 B' m% ]/ A* f9 Ointerface Loopback0
' Q n7 U5 M! ~' Tinterface Ethernet0/0 E& v2 T) B: b" }. Z6 r6 J& M* u
interface Ethernet1/0
& E% c* ?- P+ H* P2 |# K$ N3 u; x- gR5(config)#ip pim autorp listener
2 ^( y5 k* K$ ?! A; ?, B, GR5(config)#do show ip pim rp map
! o6 }9 Z: \+ Q1 r; O3 gPIM Group-to-RP Mappings X7 F) C; q- f$ X& b8 \
Group(s) 224.1.1.1/32$ [7 i, }6 {6 _
RP 10.1.1.3 (?), v2v14 }2 a0 A/ C, G4 j, H* Y7 i
Info source: 10.1.1.3 (?), elected via Auto-RP
T6 D/ X( q5 Y' \5 { Uptime: 00:33:36, expires: 00:02:09
6 n( ]4 e8 }+ IR5(config)#do ping 224.1.1.1
6 t V( T* Y. g% W9 ^+ I' U) sType escape sequence to abort.8 g0 J) O+ R2 Z# F
Sending 1, 100-byte ICMP Echos to 224.1.1.1, timeout is 2 seconds:
0 g5 r- ]) o2 L0 f" E% g) I+ WReply to request 0 from 172.16.15.9, 28 ms |, @5 q! X: z% O; t" L
R5(config)#7 t8 F. ?+ L8 I' d# Q% y
//R5学习到了映射表,查看R9是否能从R5上学习到。
* u* m( D9 S M' r$ oR9#show run | in ip pim2 `2 b0 G6 ~' W; d6 a! p( S: W
ip pim sparse-mode9 @# n5 U. ~) x# l/ D, [# V+ k& J
ip pim sparse-dense-mode- R# M% |# G5 k* k4 w
ip pim sparse-dense-mode' l2 t$ [; t4 G. E4 W" e" |
ip pim sparse-dense-mode5 y+ y% i1 [7 z
ip pim sparse-mode
/ J- Q! v* ?6 d8 p7 N3 r; E$ m+ @R9#show run | in inter) E: H3 I; M7 ^/ C' E* x; a, J' c
interface Loopback0
, y ~7 {' Z2 \. N3 ointerface Ethernet0/0" Q' j/ U* _6 n% K0 n" Q4 b
interface Ethernet1/0
) ^& [; X1 H% vinterface Ethernet2/08 y/ e( ?( k3 ?9 @4 R! C
interface Ethernet3/0% z2 B/ I) {$ i [
R9#
* X3 _% g1 X7 |5 A- F//把sparse-dense-mode改成sparse-mode,模式必须一直。4 D+ `& I& t M6 Z, y+ L
R9#show run int e0/0$ X7 j! t4 @/ d) a' k
interface Ethernet0/0
5 b- ~7 v8 Q7 h4 o8 t o* u ip address 172.16.14.1 255.255.255.248
6 b& r" b _9 h ip pim sparse-dense-mode
! L: |1 y. P* B, N, E) S ip ospf authentication message-digest! ]4 B* E" I3 K: A( W
ip ospf message-digest-key 1 md5 cisco/ u" G1 A4 Q8 T% X- T6 N
ip igmp access-group 103 Z- _* ]6 _1 D3 o" e$ O% p" k
half-duplex
: i9 r, c7 e, @0 m3 a8 vend
/ G$ G# y6 Z5 gR9(config)#int e0/0
$ q3 G+ e' q( Y8 GR9(config-if)#ip pim spar) n) R4 E2 h- Z' d
R9(config-if)#int e1/0 a( t& D( \- x! Y0 d
R9(config-if)#ip pim spar2 t7 e: H) f, C6 V8 b: T6 Z7 r
R9(config-if)#int e2/0. G1 d6 c7 s, p, p# f6 R5 H! K
R9(config-if)#ip pim spar
: t' a: q* h2 w9 H& ?R9(config-if)#do show run | in ip pim
- {7 r7 C- H4 k ip pim sparse-mode
" b0 {5 j) @7 N H4 v5 \ ip pim sparse-mode
* E- E# u) S6 r0 v9 I ip pim sparse-mode7 K& Z1 Z2 ]# t, Z7 g
ip pim sparse-mode
, g; K5 Q# d, g, Y ip pim sparse-mode9 s' Y# X! t' t1 L/ i3 O
R9(config-if)#
* R3 N3 e1 E ^' [6 w6 E//修改完模式后,是否有留意到端口上有个IGMP访问列表?4 ^6 y. Z! L. K9 f
把访问列表修改成放行,因为访问列表最后默认有一个deny any,所以会阻止下游路由器访问。! u) I' M0 \9 I! f
R9#show access-list
$ W3 E U9 c" L/ B2 DStandard IP access list 10
$ d* ?$ Q ?, r+ X7 n* P1 z1 k 10 deny 10.1.1.30 H B/ Q9 v$ z7 f: [! Q
R9#conf t
0 V- b, r5 X, a4 D1 ?6 C% lR9(config)#no access-list 10 M& S# c$ r* f* y9 N0 Y8 v8 I' g) s
R9(config)#access-list 10 permit any3 C( ]4 |$ j4 p/ Q3 Q. @. I
R9(config)#
( j0 C0 D) _6 W' T% X8 ]* f" jR9(config)#do show access-list
2 z; c1 q& [ s+ U/ F5 NStandard IP access list 10
# B' m6 o4 B* p 10 permit any2 x8 ?; R. J& E( z7 T' U/ e
R9(config)#
. ~. {1 J' p4 m! L! @//完成后查看mapping* R6 N. ^: G6 D3 h) ` w
R9(config-if)#do show ip pim rp map, d4 C1 q0 W( x5 z1 h
PIM Group-to-RP Mappings
; z8 [ Q0 Z9 O9 @Group(s) 224.1.1.1/32: K4 T, H# e9 N7 O5 p4 l
RP 10.1.1.3 (?), v2v1
$ x% Q; c# ^9 U Info source: 10.1.1.3 (?), elected via Auto-RP
! R2 Y5 p ^' ~7 W, u Uptime: 00:03:29, expires: 00:02:28
6 @# H5 I& E1 bR9(config)#do ping 224.1.1.19 o& D, g; e. J; j+ a$ F
Type escape sequence to abort.! N- G3 l6 \: C
Sending 1, 100-byte ICMP Echos to 224.1.1.1, timeout is 2 seconds:$ x& w5 R4 H' b4 L
Reply to request 0 from 172.16.15.9, 80 ms
& N5 R; }) A& m- Q& c, N9 MR9(config)#9 I- X* H3 A7 J N7 ]
R9(config)#ip pim autorp listener //记得把这句敲上& K% D1 Q9 e: \) G G) D" T
3 ]0 k1 h0 A0 k7 J& r% ^. W4 W
R11#show run | in ip pim. \$ L' }2 {$ z8 t+ [$ H! i1 E7 R
R11# //什么都没有,也就是R11没有启用任何组播。3 c( d: [5 y7 J6 z
R11(config)#ip multicast-routing
' V7 s0 q8 f) F. O, K/ HR11#show run | in int
* t& Q }" h H/ ]9 Zinterface Loopback0
) l# H: K1 _% R* x; q" }interface Ethernet0/0
Z- B! O9 M" Q. @+ S/ g! I" sinterface Ethernet1/0* k; o1 m+ V( y! C# o
interface Ethernet2/04 u" G9 r* n9 }; } _
R11#
- a+ f P" s2 T* c5 H- x//在所有的接口上启用
6 u% A& a0 h$ [; t) t% B( z7 q/ L5 b& ^
R11(config)#int lo0- [' D0 m3 f) v* T$ a! u
R11(config-if)#ip pim spar g U, P4 I7 K8 N. p
R11(config)#int e0/08 q# W" p/ R! Q, e+ }; m
R11(config-if)#ip pim spar
9 |+ Z) U/ j4 G* j7 `& _R11(config-if)#int e1/0
d5 O+ J6 |9 KR11(config-if)#ip pim spar
4 P% f# E3 y2 i, m& I( L rR11(config-if)#int e2/0
i7 L. X0 O2 L9 [% ZR11(config-if)#ip pim spar4 P5 k( I7 O0 t
*Mar 1 01:00:13.527: %PIM-5-DRCHG: DR change from neighbor 0.0.0.0 to 172.16.14.18 on interface Ethernet0/0
3 n/ a) N, l1 e0 r; d5 `*Mar 1 01:00:15.283: %PIM-5-NBRCHG: neighbor 172.16.14.33 UP on interface Ethernet1/0
' B( C6 k2 S- [* p3 {# j*Mar 1 01:00:17.215: %PIM-5-DRCHG: DR change from neighbor 0.0.0.0 to 172.16.14.34 on interface Ethernet1/0
- A/ N% m- _% x) h# P E$ Q3 r+ z$ J$ R: x*Mar 1 01:00:19.479: %PIM-5-NBRCHG: neighbor 172.16.14.42 UP on interface Ethernet2/0% M2 j7 m: ^! y1 h
*Mar 1 01:00:19.515: %PIM-5-DRCHG: DR change from neighbor 0.0.0.0 to 172.16.14.42 on interface Ethernet2/0) x5 r, l9 P5 ?& g1 v
*Mar 1 00:59:10.463: %PIM-5-DRCHG: DR change from neighbor 0.0.0.0 to 10.1.1.11 on interface Loopback0
9 @3 A! M* c& A( v8 vR11(config)#ip pim autorp listener
. |4 ?( U, K" b+ jR11(config)#do show ip pim rp map' l( U8 k! `! t) u; ?# w0 o
PIM Group-to-RP Mappings! ?6 w/ s3 S: q4 T& `
Group(s) 224.1.1.1/32! h% w2 x3 q: E+ ]9 D& p0 a
RP 10.1.1.3 (?), v2v1
5 [. K4 b* _ K, P- v: P" t9 [ Info source: 10.1.1.3 (?), elected via Auto-RP
( }9 b( `/ n/ R! C4 n5 m Uptime: 00:00:32, expires: 00:02:26
6 y% |8 n; y6 v- n9 D! y/ UR11(config)#do ping 224.1.1.1. E# A& o6 { Q8 o$ H1 V
Type escape sequence to abort.
+ ^, }) b- _8 h# f2 P4 P! Z& e/ ^3 ESending 1, 100-byte ICMP Echos to 224.1.1.1, timeout is 2 seconds:0 G& L. ~1 B' N2 |4 L
Reply to request 0 from 172.16.15.9, 152 ms
! V P1 d/ T& |$ T+ Q/ [Reply to request 0 from 172.16.15.9, 152 ms" Y2 U9 `8 X& S s- f
R11(config)#
3 p, g, T, p0 d( n! n* X, K//此时R11已经学习到下一跳为R3的组播信息。- J0 e& r' ?2 O: U$ M
R13(config)#ip pim autorp listener- v& y4 C+ ^5 r6 \2 t
R13(config-if)#do show ip pim rp map
5 H3 R2 x/ L( g* LPIM Group-to-RP Mappings
( O& E' \7 ~% ]2 X& lGroup(s) 224.1.1.1/32
: A( {$ g. `4 X7 K& [ H RP 10.1.1.3 (?), v2v15 X, p/ e X1 r* C" F
Info source: 10.1.1.3 (?), elected via Auto-RP3 O( }0 G- P4 e* y: ]' }0 W
Uptime: 00:01:25, expires: 00:02:33& o/ ^9 }) B7 X7 J6 n
R13(config-if)#do ping 224.1.1.1
$ a* H' i- C2 R% KType escape sequence to abort.
3 f/ L$ D- H. J( c* K# tSending 1, 100-byte ICMP Echos to 224.1.1.1, timeout is 2 seconds:
: d9 R% z& G. K+ \# v2 t/ W' v6 kReply to request 0 from 172.16.15.9, 112 ms
" Q* W+ W( ]- b2 C: ~Reply to request 0 from 172.16.15.9, 200 ms4 y, W: x3 \: K9 l4 w# F$ p
R13(config-if)#$ t! ~: ?* D1 P" g; T2 b
9.R13 just use loopback Send trap to NMS 10.1.1.4 when R13 s0/0 down.
) ]3 i3 `) v3 f6 ^ R13的s0/0上有no snmp-server trap link-state4 W" r( B9 L( p y
改成:snmp-server trap link-state8 z% I) @4 E% h
R13#show snmp
3 i- k2 H. g, `( Y1 O4 `SNMP logging: enabled3 D. {# v8 y2 S4 l
Logging to 10.1.1.4.162, 0/10, 15 sent, 0 dropped.3 r0 D _+ \1 V& l9 d0 M
R13#show run | in snmp
/ s$ z# c% e! A" x8 z% bsnmp-server community cisco RO
; R! H- `7 c8 e& Isnmp-server trap link ietf( c, O. V/ K+ o/ O G
snmp-server trap-timeout 100
/ Y+ d& X$ A5 Lsnmp-server enable traps snmp linkdown linkup# ^& C/ }" T8 C: s! g3 X: A9 h
snmp-server host 10.1.1.4 cisco snmp //如果没有这个命令,debug就无法出信息
; {2 X: M# B1 g/ v/ AR13#
! ~/ {% V& |# \0 f! d; rR13(config-if)#do show run int s0/0) y4 l/ @3 R5 h: m
interface Serial0/08 j: g/ \% j$ ^4 g- [: g
no snmp trap link-status , u; \/ I+ L) @
end5 S# X( j0 k$ L0 B6 n
R13(config-if)#snmp trap link-status
/ n" P8 n4 l& D2 p u- RR13(config)#snmp-server trap-source loopback 0& Q3 v2 T. w% }
R13(config-if)#do show snmp: S4 Q$ r- `# e1 V) t
SNMP logging: enabled
# I4 u# |- W# D3 Z; b Logging to 10.1.1.4.162, 0/10, 17 sent, 0 dropped.
( v X5 q# U! H& j" d; _: w//debug snmp packets,开启这个命令后,然后把端口shutdown也可以看到效果。# f3 e! j% B2 E: {- }% g
…………9 E& B u) e' K, M8 N. a: D/ j
ifIndex.5 = 5
! s Q5 f( s' w$ P ifAdminStatus.5 = 2 * y3 R9 O# u/ o' C
ifOperStatus.5 = 2
# [9 F/ R N5 L1 a! ]) i* ~ ifDescr.5 = Serial1/0 + m4 t: ~7 T& D2 L6 [! ^0 v% F
ifType.5 = 32 9 z8 U+ E6 K- G5 H# m
lifEntry.20.5 = administratively down
' ?) V( O' Q X1 K' S4 }//最后记得把端口重新打开
- Z0 ]5 m1 {: `' \3 P10.The question with R13 & R5 roll tunnel.5 T6 F9 \0 z% [9 Z3 f7 d5 P5 x
*Mar 1 01:54:26.675: %TUN-5-RECURDOWN: Tunnel0 temporarily disabled due to recursive routing" d! A0 a& i, l8 b" M& T
*Mar 1 01:54:27.675: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel0, changed state to down
7 d& Y: Z. V# _9 DR5#show ip route
+ U% |# X7 U2 U) w8 D. {2 H& `O 10.1.1.13 [110/31] via 172.16.14.1, 00:00:22, Ethernet1/0
4 |' I8 P1 v1 sR5#show ip route
* A4 f; v* A- ^: V: q1 }, O) @S 10.1.1.13 [1/0] via 135.0.0.136 c! i. F$ Q( G, q& H* @) x
//Tunnel翻滚,在UP的情况下,R5和R13是通过静态路由连接。
+ q/ C- n, u, M. ]3 }. u4 a3 @% y) n 在DOWN的情况下,R5和R13是通过OSPF连接。5 ~" c& |* q- ?5 B6 a" N' n8 W: T
9 G U3 [# s' ^! X, u" }, u! FR5(config)#do show ip int br5 ?& e* |1 }+ k9 ]9 d1 j
Interface IP-Address OK? Method Status Protocol1 z& k" Y/ n/ L% D- J l
Loopback0 10.1.1.5 YES NVRAM up up ) {- F4 G0 J4 `1 b
Tunnel0 135.0.0.5 YES NVRAM up down) P& R8 |$ d1 R M
R5(config)#do show run int Tunnel0
* p- x9 u# }5 D8 D rinterface Tunnel0
# {6 P/ l( \5 ^$ J. w2 q i ip address 135.0.0.5 255.255.255.0
* C4 h+ V8 M! h: i8 I; r tunnel source Loopback0
Y$ R! w- m* ~/ w0 E; v tunnel destination 10.1.1.13
+ l" G$ k6 B% o+ Q5 F, Iend* K) N0 h/ o' |& P( c) Q% T( J
R5(config)#
3 U" r4 j6 T9 f1 u; B3 GR13#show ip int br0 g1 x6 B! M6 W k3 _6 J* Y* J
Interface IP-Address OK? Method Status Protocol
e7 z( n5 K* U, C4 h4 w! jLoopback0 10.1.1.13 YES NVRAM up up
* F2 N; `4 F u& o3 kTunnel0 135.0.0.13 YES NVRAM up down. m* A1 _ x( q0 ^. E$ P
R13#show run int Tunnel0! s) h2 L+ y9 x$ g( i1 f2 c
interface Tunnel0# e4 P9 U0 C; E) O% K. U
ip address 135.0.0.13 255.255.255.0
8 M8 X8 d( L7 j ]8 u% l' t tunnel source 10.1.1.13/ Y* c& e% r+ L! {# T
tunnel destination 10.1.1.5: W; N1 K: D5 s) `; ~$ U* Q
end S$ W Q" D; m7 U4 D- h& q' B* e
R13#
( L, t3 B5 e0 I7 v) |9 N//方法一:直接把静态路由去掉,R13和R5的路由信息会通过OSPF来发送。0 p6 ^( N7 @ P7 |9 t
R13#show run | in ip route
* K4 F5 T7 \" @3 Z j! o2 Y, A6 T# J: Qip route 10.1.1.5 255.255.255.255 135.0.0.5! O% j: W5 E' x% A9 v
R13(config)#no ip route 10.1.1.5 255.255.255.255 135.0.0.5; d. |( |* W# T& m
R5(config)#do show run | in ip route
4 v# N' |8 I& jip route 10.1.1.13 255.255.255.255 135.0.0.135 ?! V0 h) o: I
R5(config)#no ip route 10.1.1.13 255.255.255.255 135.0.0.13
( B1 W+ D+ l7 H: pR13(config-if)#do show ip route: t) P" t* N D2 B4 `7 v3 ]
O IA 10.1.1.5 [110/31] via 172.16.14.41, 00:01:35, Ethernet1/0. ?. s& ^% f( m& D( ^: v
135.0.0.0/24 is subnetted, 1 subnets
+ V2 q& m, T. E# ?9 f7 hC 135.0.0.0 is directly connected, Tunnel0
0 W! J' n8 |* eR5(config-if)#do show ip route
: t; E4 k6 k: @ O/ d, M; dO 10.1.1.13 [110/31] via 172.16.14.1, 00:01:38, Ethernet1/07 ~8 D) t4 P% c7 L
135.0.0.0/24 is subnetted, 1 subnets
9 K, I0 @1 C! O2 R3 H0 V' ZC 135.0.0.0 is directly connected, Tunnel0 g6 }& M/ d% R+ p& Z: H
6 t) U- r$ L; _6 b+ J) ]
//方法二:把静态路由的下一跳改成下一跳物理接口,R13和R5的信息会通过静态路由发送。
' V; U' j2 L4 S+ ]2 rR5(config)#do show run | in ip route
. |6 r7 `$ W2 V( v3 I& O4 Mip route 10.1.1.13 255.255.255.255 135.0.0.13
! H5 P8 d2 U, |0 `# QR5(config)#no ip route 10.1.1.13 255.255.255.255 135.0.0.13% E! _5 u- H$ y. m, L9 P- v" g# a% _
R5(config)# ip route 10.1.1.13 255.255.255.255 172.16.14.1, k, @/ d/ O& ^' U
*Mar 1 00:05:36.603: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel0, changed state to up
9 w. S/ u& A5 W4 z8 h# C Q/ D
R13(config)#no ip route 10.1.1.5 255.255.255.255 135.0.0.5
, a, |# L) N. ^R13(config)#no ip route 10.1.1.5 255.255.255.255 172.16.14.41
4 J, H& r" X- I4 d$ d*Mar 1 00:05:46.439: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel0, changed state to up: N* N" a; z. d9 W5 E& Q# Z2 y
R13(config)# ip route 10.1.1.5 255.255.255.255 172.16.14.41* {' t& b7 k4 \
R15(config)#do show ip route# f4 B% \3 I/ d+ [ e8 N
S 10.1.1.13 [1/0] via 172.16.14.1
% X1 m! M5 v l; L* R, o 135.0.0.0/24 is subnetted, 1 subnets) @" M0 ^1 Q- ^" Q$ ?$ P
C 135.0.0.0 is directly connected, Tunnel0
1 h r% C/ e7 E [R13(config)#do show ip route
U3 y, t, v& b1 Q9 D7 m) [5 JS 10.1.1.5 [1/0] via 172.16.14.41) f( P* c0 P0 M3 e8 L
135.0.0.0/24 is subnetted, 1 subnets
9 Q% ?8 u4 [ s& [3 \' a5 L7 kC 135.0.0.0 is directly connected, Tunnel0
+ s2 \, t. f3 F, m//战报说如果该下一跳物理接口,则需要在R5上重发布静态路由。0 [( z8 e* @% j7 N# x
但是我不知道为什么我做不出这个问题。
" Z G2 w) c2 P. y 考试的时候看题目需求来做,如果题目明确说明不能去掉静态路由,则不要删除。8 V- t `4 t. E! j# F
: x a! W; O9 d
F& \; h* U2 e
4 }6 T* O0 G8 M# u% T4 m+ N f# v8 ?& g$ E7 b; S# [; N
$ e4 @5 S( |6 M( ^" t
8 M2 `. }; f9 T, [) V8 r/ S2 R1 c) _3 q b1 T5 B' M
U4 g9 L) ^* P) X$ ^3 m3 Q4 ^& V7 }
. y# v. r- j$ l d: z3 d1 {# L# y
|
评分
-
查看全部评分
|
简体中文
英语
日语
韩语
法语
西班牙语
越南语
泰语
阿拉伯语
俄语
葡萄牙语
德语
意大利语
希腊语
荷兰语
波兰语
保加利亚语
爱沙尼亚语
丹麦语
芬兰语
捷克语
罗马尼亚语
斯洛文尼亚语
瑞典语
匈牙利语
繁体中文
文言文
发表于 2011-8-25 11:52:19
置顶卡
喧嚣卡
变色卡
千斤顶
成长值: 63715
发表于 2011-8-25 14:06:43
