- 积分
- 0
- 鸿鹄币
- 个
- 好评度
- 点
- 精华
- 注册时间
- 2010-9-23
- 最后登录
- 1970-1-1
- 阅读权限
- 0
- 听众
- 收听
游客
|
太多的朋友关注我了,我本来不想写战报了,因为前面的战报内容已经和考试内容基本一致了,没有太大的改变,除了TS的考试点要注意。下面我来说说我的情况吧!
, g4 x6 S6 C* _5 F6 W* H q" m5 ]' P 字数有点多,但是我已经减了无数字了,希望大家都能全部看完,因为这会让你在接下来的考试得到一个明确的解决办法。1 O! J1 j3 v7 v; ^4 K& t7 ?
& l3 P, X6 d `( e* A7 g3 x D% h,我正常去HK考试,发现人都到的很早哦,7点45分就有4个人了。人齐后,其中4个路由交换(1个新加波),1个语音,1个安全(印度人)。, z+ H2 d( x0 I$ [, ?6 o
开考后,除了32号机架的是TS2,其他全部人都是TS1。而我就是坐38号机架的位置上。9 G6 B' ^- U8 V2 I! L* w) @& i
填完个人信息后开始考试,但是一开始就发现了一个平时不常发现的问题。就是设备号和配置不匹配。具体怎么说呢?好比TS1的帧中继部分是R22---FR—R23,我打开R22,显示的hostname是R22但是里面的端口却是R23的端口,然后打开R23,竟然里面全部是R22的内容。那就出现了部分信息重叠和混搭了。因为考试的时候不主张问考官,而且还是一开始就问,这样会显得没有配错能力。所以我就开启设备管理器,去重启所有路由器设备,然后重新加载设备。在长达20分钟的重启和加载,问题还是没能得到解决。在万般无奈之下,我举手找考官,Bruce来了后也开始发现了我的这个问题,他的操作是从第一台设备重启到最后一台设备,逐个按钮按(这是最郁闷的…),然后全部重启后,再从第一个设备重新加载到最后一个设备,(这个更加郁闷…心都快憋死了)但是依然也没能解决这个问题。Bruce告诉我先别动设备,他就回去自己的座位帮我弄,过了大约5分钟,Bruce又来了我这,又 把上面的步骤重复了一次(心都快吐血了),在这次完成后,发现设备号终于和配置对上号了。在确定基本没有问题后,Bruce说我是在开考20分钟后举手,而他是花了我20分钟来解决这个问题,所以他提出还我20分钟。我谢过Bruce,开始了这趟TS旅程。$ \2 ?8 C. l+ Q* k+ T: d/ Z4 L
正式开始后,第一题就是FR,可是我在FR设备看到的所有端口都是管理DOWN的,并且怎么看都不像是有配置的那种。不知道是不是设备还没弄好,我就又开始重启设备。希望能恢复有配置的设备。在过了3分钟左右,设备好像加载了配置,但是我在R22和R23上面去补充完命令后,show fram map 看到的却是一片空白,并不是inactive 或者 deleted。这个时候说不紧张是骗你的。我看看时间,一分一秒的过去,我还没开始正式参与到考试中,那个感觉就像坐云霄飞车,冲到天空的时候你被抛了出去一样。那是一种绝望的感觉。/ \& ^! a; u* j5 D/ I7 Z( n% _ U3 Y* i
因为不能因为一条题目而影响整个TS的进度,我毅然决定跳过。, t$ d* W$ B# ?4 S( d0 X4 T' F8 m; L
第二题是交换的题目,问题和战报说的大体一致,也是那么个情况,可是就算我怎么努力的去弄,但是都还是无法让R14学到正确的路由信息,或者可以说R14上只有直连路由的信息。
5 D+ u( e: p8 U; E; v 因为不能因为一条题目而影响整个TS的进度,我毅然决定又跳过。
; \5 X$ I# X2 i6 L* ^4 l; a 去到MPLSBGP的地方,这个点和战报说的一样,是要解决所以PE需要看到其他的PE有两个RR,但是TR点却并不是我们平时战报说的那样简单。我把所有可能出现的问题都看过了,都弄了一遍,都无法解决。3 Y. u; U0 n% Z
因为不能因为一条题目而影响整个TS的进度,我毅然决定又跳过….好了后面大家都应该可以知道了,我这份TS都不知道跳过了多少题。! q% D; U# u# _+ p( I, j. |. t
2 p+ K2 B# [/ ?+ ^9 y* j 在考试的2个小时里面,我花了30分钟解决设备问题。然后有个最主要的问题是38号机架的速度非常非常慢,慢到什么情况呢,开一个R19,我想show run | b ip dhcp 要等上接近足足2分钟时间(放心,绝对足金足两)。所以在所有设备上的SHOW命令的等待时间,就可以用去我30分钟以上的时间,这个时间是绝对的。如果配置多,这个30分钟可能还是很保守的。% P: v( Y+ @( u' \
所以最终我只有不到1个小时的时间来排除这些问题。
0 F6 @- i$ @/ d# d% I 这里有个绝对建议,希望各位接纳:
4 B) l% z4 y5 c0 p在平时,各位要保证能在40分钟内解决完所有的TS内容,并且可以保证每次的show命令都是准确到位,绝对不能出现show错,或者看些并不能正确解决问题的show命令,因为那个延迟会让你丧失所有的斗志。
# V4 e. B: y* q8 s对TS的错误点要有100%的准确。你一定要记住这个地方考的是什么,能立竿见影!- S7 `) M& }+ Y. ?( {
你要清楚明白这个考点可能涵盖的其他所有信息。- W% l( G; V' z2 }+ i
比如MPLS,你要知道mpls-label这个命令的作用,并且知道交流LDP的Loopback号和显示show ip bgp的Loopback号不同的情况下怎么弄。
. _) d4 ]5 O/ w: {' b& I4 T) R 最后在设备的延迟,在能力不足的情况下,结果以杯具告终。
0 x5 T- P$ Q; D3 z3 T9 E 好了,我想,或许也是一个时段的结束吧,而这个杯具的人是:小一。2 U1 s: B h" u* X2 E. c
# t( T: i* u5 N( A6 J0 }
我没有什么东西能送给大家,这些是我准备的TS步骤解决方案,本来不打算公开的。但是现在还是发上来给大家做个参考吧,这些解决方案只是针对部分TS的部分错误,并不代表全部内容。/ c- R, A X& o; D; n
这里有个小小的请求:看了这个解决方案的朋友就自己保留好了,不要转发,虽然不是什么奇珍异宝,但是也是我的个人心血。如果谁需要就叫他们自己去下载战报吧!不下载的就不要发这个信息给他们了。谢谢各位对我的理解和支持。; y2 r+ D$ y1 m/ Y8 V8 L$ ]
0 [7 S% x |: D3 E( B. ]
! ]/ \% G) h4 y0 P! |. ^2 T2 }9 H' ~$ u7 F$ J% v9 f
" v* P9 Q9 e$ U$ Y% T& P
+ v/ ]& K$ H# ?' U4 g. m; U
0 d( z1 G5 n n( D" y/ u
9 A8 O/ {* [, ~( @5 i! [- U" \; x
; b1 u; J2 L2 A
* T! h- N( k5 I( y/ { x
4 v( i* x- Y( e9 n8 Q% n& s8 V% W5 z- l
3 V$ A/ ^* n# K" s) P( @
TS13 }1 g2 v% u7 h3 I/ K: p2 k7 B2 W
这里的题目均是参照排错题目和部分战报制作而成。: r; C9 T4 a2 [5 S8 V
如需要获得更多详细的信息,请参考以下两份战报。, h: V ]+ ?" W# Z* F2 v6 U5 f
1.20110211 成都互联神州 超详细 新TS1++ K2 HK Francisco Fail
) L/ |7 u; n( h7 ~1 P2.TS1总结(完全冲刺版)
) H# h' Q @* I+ H- h# _此步骤和解释均是个人见解,如有任何理解上的错误或是解释上的错误,请忽略。
! e+ t- {: U" O# Z4 F4 s$ e& b! \1.R16 can NOT ping R19 loopback0, The flow should redundancy with both. Can NOT use static route.
3 D- i- h2 |- H% vR16#show ip route
, v% O4 ]& Z8 F 172.14.0.0/16 is variably subnetted, 2 subnets, 2 masks! Y7 h6 E! W' k" }+ {: N! |
D 172.14.0.0/16 is a summary, 00:13:03, Null0
% @% e, j- k- d+ _+ |, YC 172.14.12.8/29 is directly connected, Ethernet1/0
: \- D& s" g2 V& n! ]# \9 B 10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
1 G* g6 Q) ]; k+ M$ m; Z* E3 GD 10.0.0.0/8 is a summary, 00:13:01, Null0
( G" z6 V# S% @0 W1 f) m: PC 10.1.1.16/32 is directly connected, Loopback0
6 E0 L* K& Y8 E4 F5 \R16#
! S; T- x1 e( ~; y8 o. w//先验证,看不到有R19的loopback口地址,并且所有的EIGRP地址都是汇总地址。* _: e" S4 ^8 C: y8 f; p
//这里可以发现,R16从R17和R18处收到的EIGRP路由是汇总路由(auto-summary)3 P: p* a$ t: K5 X+ ]# W! ]
R16#show ip pro
$ M5 i4 e# p3 Q9 R+ p, K0 ]: kRouting Protocol is "eigrp 200"
/ M) @* ^0 N4 D0 B. Y* BR16#show run | be r eigrp 200/ @# \) `' B. V5 Y
router eigrp 2005 [- ?6 c& P7 \1 b6 O# b
network 10.1.1.16 0.0.0.0
& d/ ` V. S/ h4 v network 172.14.12.0 0.0.0.3, K# H6 n# s0 S! l
network 172.14.12.8 0.0.0.7e
1 B/ a& l+ w" ?: K1 d auto-summary
. j% N6 H3 Z" S$ r2 {' K' n5 @R16#conf t( Y+ r& I: { ~+ B2 Z
R16(config)#router eigrp 200
! z% c5 ^, k! q- _3 {9 M4 tR16(config-router)#no auto-summary, n) E$ M! h, E9 d% Q6 ~
R16(config-router)#
9 s) w* S6 P, g' d" V WMar 1 00:16:29.647: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 200: Neighbor 172.14.12.11 (Ethernet1/0) is resync: summary configured$ W$ X8 m5 u" J: n8 o( s! k$ X# K
Mar 1 00:16:29.647: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 200: Neighbor 172.14.12.10 (Ethernet1/0) is resync: summary configured. D7 e$ [/ W( ]6 z
R17#show run | be r eigrp 200) B% n+ q7 T3 W' x ~8 p! _
router eigrp 200
+ I4 l- ^' a$ Y c network 10.1.1.17 0.0.0.0
4 _9 Y2 [: p9 s% n+ E1 t: M+ N network 172.14.12.8 0.0.0.7
; Q$ u- {; S% w/ k% I) x$ K network 172.14.12.16 0.0.0.77 p% L7 q1 n+ b! [
auto-summary; i+ I, u; a9 D8 Y
R17(config)#router eigrp 2004 L( i- I, O- d% `
R17(config-router)#no auto-summary
' I7 h* [5 h1 z9 g- g6 ] _5 KR17(config-router)#
) C6 X& _1 z" E5 F*Mar 1 00:17:23.725: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 200: Neighbor 172.14.12.12 (Ethernet0/0) is resync: summary configured
2 H. R! ~1 ?+ u& O# Q+ e/ l$ R*Mar 1 00:17:23.725: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 200: Neighbor 172.14.12.11 (Ethernet0/0) is resync: summary configured0 Y0 G% a! R9 e: a, T
R18#show run | b r eigrp 200
7 i8 ^$ b/ p- ~8 ^router eigrp 2007 V A3 k/ w0 C. c2 }
network 10.1.1.18 0.0.0.04 z) |; T6 K9 V7 ^
network 172.14.12.8 0.0.0.7
* o5 o7 C6 t% L( b7 `- K network 172.14.12.16 0.0.0.7
* l* L! p6 `2 a$ j auto-summary
1 @$ ^8 q4 C0 ?6 pR18(config)#router eigrp 200. H& W- V5 u- W P% o* f
R18(config-router)#no auto-summary6 n; m2 |" s' C5 O& v1 R& O
R18(config-router)#
/ H7 j$ p! w/ i9 b4 C6 a7 _! M% z" ^*Mar 1 00:18:39.347: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 200: Neighbor 172.14.12.12 (Ethernet0/0) is resync: summary configured4 b4 S+ j2 Q n' w$ q. s
*Mar 1 00:18:39.351: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 200: Neighbor 172.14.12.10 (Ethernet0/0) is resync: summary configured" Q. E) N* j6 v
R16#show ip route
' Z9 O; A( L7 N 172.14.0.0/29 is subnetted, 1 subnets
' q7 F) E( A/ r8 A! SC 172.14.12.8 is directly connected, Ethernet1/06 C1 ]3 Q9 f3 g* {
10.0.0.0/32 is subnetted, 3 subnets
0 C, I# F2 ?% f' q2 a3 |' ]D 10.1.1.18 [90/409600] via 172.14.12.11, 00:31:45, Ethernet1/0
# Y1 C5 g/ l5 [. s1 U! a tC 10.1.1.16 is directly connected, Loopback0! d5 K0 Z y+ `
D 10.1.1.17 [90/409600] via 172.14.12.10, 00:33:00, Ethernet1/0
& ]! }) {4 U& P+ R. w% WR16#
$ z9 E4 `* F) a3 I/ \' H//这个时候,R16可以收到R17和R18发过来的明确路由了,但是依然没有R19的物理接口路由和Loopback口路由。
/ I: L l" e& n) D8 c' l# V0 A//去R17和R18上看看有没有R19的直连路由。
`0 Z, A5 { P9 i& {) F9 Y, dR17#show ip route% i% _+ I0 {: ^: t ^' `: i' S4 R
172.14.0.0/29 is subnetted, 1 subnets
" z! z/ f& j5 x1 j% KC 172.14.12.8 is directly connected, Ethernet0/0
* c% e# E. V) m" J6 h( L 10.0.0.0/32 is subnetted, 3 subnets/ c- m6 I/ H- `; ^! g8 \4 \) n7 I! b/ O! I
D 10.1.1.18 [90/409600] via 172.14.12.11, 00:32:38, Ethernet0/0
+ h3 U3 s! t9 HD 10.1.1.16 [90/409600] via 172.14.12.12, 00:01:47, Ethernet0/0
$ C3 p8 x. u: _" W& i9 i- KC 10.1.1.17 is directly connected, Loopback0
/ q e( _, h u+ N//R17也没有R19的直连路由,查看接口地址是否UP。' |$ ]) f, ?( ~) t: ?
R17#show ip int br
; L, K; I, @) \2 O* uInterface IP-Address OK? Method Status Protocol
( J; A* @, |) ?9 k% |( Z% t6 r7 JEthernet0/0 172.14.12.10 YES NVRAM up up 0 J: t: P: Q* W2 b* k# w1 j
Ethernet0/1 unassigned YES DHCP up up
. F: J8 B8 a C" ~( j ^! F6 y5 [Ethernet0/2 unassigned YES NVRAM administratively down down9 I/ Z$ v0 n; p) h$ {
Ethernet0/3 unassigned YES NVRAM administratively down down
3 X! ]6 I' ]& B2 M5 f6 @+ T7 ]$ iLoopback0 10.1.1.17 YES NVRAM up up / n! J5 b5 i; ]5 O* M$ S
R17## w! X0 m$ \/ E0 g
//发现R17连R19的E0/1是通过R19的DHCP分配的,因此去检查R19的配置。: W* u! U5 y' \: n& M
R19#show ip dhcp pool: M4 m9 c6 i, _4 O
Pool dhcp :: F3 b5 Q. n1 q: \9 ]
Utilization mark (high/low) : 100 / 0
$ a5 i* W1 t. k+ C; t7 \) z+ e+ ` Subnet size (first/next) : 0 / 0
7 L5 P( _. u, j3 h$ h Total addresses : 6
! f' c( Q( t+ K2 \& W, N8 b3 F Leased addresses : 09 b9 [ w# Y1 r
Pending event : none
9 }& L# ?' y. T$ e/ T; N" i 1 subnet is currently in the pool :! r: J" p2 Q7 ?: U: q" f
Current index IP address range Leased addresses: s8 ~% q/ l1 a( T, r
172.14.12.17 172.14.12.17 - 172.14.12.22 0# M( l6 ]+ [3 \, Q4 P
R19#. Y( q) j8 @7 i8 d+ E" p8 D
//R19的DHCP地址池中一共有6个地址,被使用的是0个。地址池的范围是: 172.14.12.17 - 172.14.12.22
: _: J+ N$ g! F, _4 u//检查R19的物理端口。
: q( a3 H1 E" J4 \R19#show run int e0/0" H E' }( R% p/ x# ^ N' q% I
interface Ethernet0/0/ B' f: f: ?7 {% N& I4 j/ ~
ip address 172.14.12.19 255.255.255.248
* Y0 A. O# V { ip authentication mode eigrp 200 md5, Z, {* x3 }* r7 v& }6 `# |! t
ip authentication key-chain eigrp 200 eigrp1 i0 ~: ?! k6 X: h3 L3 D
half-duplex p- z W4 k7 W
end" N5 K1 \* @ A7 w, }
//地址掩码匹配正确。255.255.255.248 是/29位地址,每八位递增一个子网地址,那么172.14.12.0的下一个子网地址如下:0 A3 U4 B4 {7 o4 E% T& g+ Q2 q6 G
//子网地址为:172.14.12.16 C F9 y4 ]& M: i+ x8 K8 k/ b
//广播地址为:172.14.12.23
+ P: G" o+ l, J2 T+ @* K) I//可使用主机范围:172.14.12.17-172.14.12.225 K/ {7 B/ [- O; |! V* V
//检查是否有命令把DHCP给block掉了。# o2 I0 G# d- \
R19#show policy-map2 t! q# N( Z w7 j( `7 s2 `
Policy Map xx
6 D8 k0 M# p; m5 e) x Class xx( S) }+ e- l* ^$ I
drop9 A' _+ W; H( b, _) F; e
R19#show class-map xx! D, A7 O! l/ N4 j, b C
Class Map match-all xx (id 1), T, X) [0 I9 | i
Match access-group 1009 R3 ^7 W3 p! O7 u% H) ]
R19#show access-lists$ A# F( Z8 p+ u+ n- n
Standard IP access list 1. u1 b6 F+ o& q6 A- r
10 permit 172.14.12.0, wildcard bits 0.0.0.255# V) J/ L/ G. l9 T1 M- @
Extended IP access list 100
- y/ G% d, c& ]0 |. k! ` 10 permit ip any any (52 matches)1 S9 H( J5 p8 t) ~
20 deny udp any any
& h# G- F% R5 _: O# I2 J, JR19#. {+ s% K' W: g2 Y' }. h/ d; D
//可以发现,R19通过policy-map把IP包的数据流给drop掉了。4 J; m/ s1 R0 @' ?
R19(config)#policy-map xx K/ Q2 W+ E& S! E" ~, g
R19(config-pmap)#class xx
4 Y: `+ ]/ |! u/ uR19(config-pmap-c)#no drop
' c1 v" G+ K$ |+ PR19(config-pmap-c)#+ \/ b8 k( u, `& n
*Mar 1 00:07:09.851: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 200: Neighbor 172.14.12.17 (Ethernet0/0) is up: new adjacency/ r1 Z9 d- d1 o( g+ R) p( Q8 H
*Mar 1 00:07:10.195: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 200: Neighbor 172.14.12.18 (Ethernet0/0) is up: new adjacency: ^8 v- q) M4 }- P. b$ C; Q( T
//同一时间查看R17的弹出信息和R18的弹出信息$ | B' u* R7 N! y
R17(config)#
) j2 A. q! Y& H- g. u$ v*Mar 1 00:07:10.207: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 200: Neighbor 172.14.12.19 (Ethernet0/1) is up: new adjacency% ]& @. l2 l, ]+ D: W
*Mar 1 00:07:10.523: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 200: Neighbor 172.14.12.18 (Ethernet0/1) is up: new adjacency
* r3 K: t4 N. a$ V*Mar 1 00:07:10.959: %DHCP-6-ADDRESS_ASSIGN: Interface Ethernet0/1 assigned DHCP address 172.14.12.17, mask 255.255.255.248, hostname R17
4 m4 [2 [4 g3 K- b4 G- j9 GR18(config)#0 }( T+ @' }8 V, {6 C4 P" m, ^
*Mar 1 00:07:10.795: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 200: Neighbor 172.14.12.17 (Ethernet0/1) is up: new adjacency
& j2 c6 `6 W) f, {# h4 U*Mar 1 00:07:10.807: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 200: Neighbor 172.14.12.19 (Ethernet0/1) is up: new adjacency
! Y0 G$ [, t& H- ]. Q+ n*Mar 1 00:07:11.887: %DHCP-6-ADDRESS_ASSIGN: Interface Ethernet0/1 assigned DHCP address 172.14.12.18, mask 255.255.255.248, hostname R18
* G! k# E, a( J/ s Y" l" ^# p; I//这时,R17和R18已经获得了R19的DHCP 服务器分配的IP地址。1 [: `! ]' l; z7 D; x+ ]( {; H
R17#show ip int br
: X; Q7 w0 N' {; t) M, KInterface IP-Address OK? Method Status Protocol1 y% W. k$ \8 j8 ?0 B0 L" ~
Ethernet0/1 172.14.12.17 YES DHCP up up % q+ l6 {4 s% E
R19(config-pmap-c)#do show ip route
E4 i S j0 M 192.168.14.0/30 is subnetted, 1 subnets! N% H& G. S9 b$ }7 r8 @, B& k
C 192.168.14.0 is directly connected, Ethernet0/1' A5 x. N1 q1 ]: y1 |
172.14.0.0/29 is subnetted, 2 subnets
* P* k6 ~% H) N0 O! h- r2 BD 172.14.12.8 [90/307200] via 172.14.12.18, 00:03:00, Ethernet0/0* G! R, w% [8 ?2 ~/ \ L3 b
[90/307200] via 172.14.12.17, 00:03:00, Ethernet0/03 f6 ^9 N( P% C- H9 E# L) p
C 172.14.12.16 is directly connected, Ethernet0/02 v( n; k5 m5 O, Y+ B: f
10.0.0.0/32 is subnetted, 4 subnets
" H9 e) U( n8 ?D 10.1.1.18 [90/409600] via 172.14.12.18, 00:03:00, Ethernet0/0* B+ Q$ O; ~, `
C 10.1.1.19 is directly connected, Loopback0
+ A1 ^3 {; k9 q% J0 g- w( L# B) CD 10.1.1.16 [90/435200] via 172.14.12.18, 00:03:00, Ethernet0/0( S. X. e1 C, P+ o' T0 J @
[90/435200] via 172.14.12.17, 00:03:00, Ethernet0/0. u4 l6 G7 X; o2 H6 u; X
D 10.1.1.17 [90/409600] via 172.14.12.17, 00:03:00, Ethernet0/0
5 L! ~0 L) _. j# n2 _( V7 x' v& [% {/ V//R19和R16,分别有了负载均衡到对方的路由,并且可以Ping通。
. ~! h1 q! }% h& x5 W, |# e% u4 cR19#ping 10.1.1.16: [% t6 k+ H9 X/ E
Type escape sequence to abort.# A5 j# c, G7 c7 w
Sending 5, 100-byte ICMP Echos to 10.1.1.16, timeout is 2 seconds:
4 |1 s: |. G q!!!!!
4 z# x' S' }3 g# ySuccess rate is 100 percent (5/5), round-trip min/avg/max = 96/109/136 ms
% M; e( B' H* r( IR19#8 `5 H& j% _9 C* ] [# a0 M' D( a
R16#ping 10.1.1.19
# D7 T& p1 l5 N0 I0 ?( X5 l% TType escape sequence to abort.' e$ H p3 Q1 ?
Sending 5, 100-byte ICMP Echos to 10.1.1.19, timeout is 2 seconds:" H/ x% N" `$ c6 H; N
!!!!!/ u9 E- U! U" ~7 t& c$ c5 K9 m
Success rate is 100 percent (5/5), round-trip min/avg/max = 92/120/148 ms
: H" K. F) ^* c1 ]6 l: N4 [R16#3 p/ }& z9 X# n) d
2.R15 and R16 can NOT established EIGRP.
: N% X% z- P. c3 x1 ?1 ~: ZR16#show ip int br
, c. O# N; |4 X4 y9 b8 S9 |Interface IP-Address OK? Method Status Protocol
& Y2 x: b- J1 {Serial0/0 172.14.12.1 YES NVRAM up down4 ]8 G* k) z$ ^# A, W
//首先在R16上确认情况是否属实* T9 B6 Z' p* r+ D. w: c
R15#show ip int br& h6 i( _( J& v3 R% t
Interface IP-Address OK? Method Status Protocol2 n% M, W/ J4 m; [, U K
Serial1/0 1.1.10.2 YES NVRAM up down
2 v% r ?, }& w: GSerial1/1 172.14.12.2 YES NVRAM administratively down down5 j3 C7 N' [$ v; q! d* A
R15(config)#int s1/1
( Y+ I$ l# \2 p$ X7 ~. S" U W& RR15(config-if)#no shut
# [! F% M" G' E( ?' CR15(config-if)#% _8 W/ g3 _( o( c, v' r
*Mar 1 00:03:25.943: %LINK-3-UPDOWN: Interface Serial1/1, changed state to up- n) `: M8 J4 {) `. I
//通过这条提示,我们可以知道,物理链路UP,但是没有收到协议UP的消息。6 F, z" o+ ?& Z# V; j) v
*Mar 1 00:04:41.319: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1/1, changed state to up S% M8 K% p) P" _3 }
*Mar 1 00:04:42.435: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1/1, changed state to down3 v, j) E9 ^. ?) P5 w0 z! J9 D
//出现协议UP DOWN的情况,多半是认证不通过,此时应检查端口情况。0 [5 W! \' @* q+ v( v8 @* B+ H0 S
R16#show run int s0/0
" Y" A# H, W f$ T& Y/ z" finterface Serial0/07 o6 A3 W( L( i
ip address 172.14.12.1 255.255.255.2524 `# v- g9 `% F% W, h v
encapsulation ppp/ y' Y/ T) y# K7 {5 X7 ^
serial restart-delay 0
k* }8 }0 B' M" y ppp authentication chap' M$ S6 H' n- C5 J0 P7 A
ppp chap hostname ccie7 F5 O2 d: c' A/ K
end
5 G8 f1 O2 k% t3 g# @R16#show run | in user
: `" z: C+ @7 L. C5 v$ |username R15 password 0 cisco
5 E" f+ h4 U0 N" Q+ n//这里可以发现R16开启了PPP认证。6 B3 I- Q; f' S- [
//通过这句话:ppp chap hostname ccie可以知道R16也是被认证端(也就是双向认证)。. P1 w, [7 S+ M) N/ N5 O( A/ x* E
R15#show run int s1/1- Y0 Q6 n3 c0 J' {0 M5 O
interface Serial1/1
% M' B \1 i9 m+ N5 f ip address 172.14.12.2 255.255.255.252: v6 D! a( p) C0 _1 A q( _& w
encapsulation ppp
$ t+ g+ |" r8 e4 m# x, X k: ` serial restart-delay 0
6 U& k' I) J% a3 j( R clock rate 252000
1 @: G6 U+ N2 p' _9 p6 i; m& H; E ppp authentication chap7 R' V% U! O+ \& [
ppp chap hostname cisco. o" y; n9 ]9 D( {1 g# b v
end. J( w$ o4 j4 u$ N% u# d6 T6 {* j! f
R15#show run | in user
5 l0 U) D5 d9 nusername R16 password 0 cisco
+ t) \+ @. C# n% O8 B$ X- l; K7 E//通过以上信息,可以发现R16和R15双向认证不匹配。
+ V! z0 X+ T8 J) ^7 I T! P, g这里我们做以下整理:
o9 E2 }; ]" X- r; I. pR16:6 \3 U$ E2 o: z8 F& [
username R15 password 0 cisco //这里的信息要和R15匹配
- t. j$ ~$ X, W9 w5 o- I //username R15 是对应对方的hostname
( S! k% f% l3 @. l% S, C3 f! f //password 要双方一样
9 T( F" C, L, A" a9 r) QR15:# S4 ~3 C0 k- T4 A* z1 ] ^
username R16 password 0 cisco //这里的信息要和R16匹配
4 }: V+ D2 ? y; e7 o( m' { //username R16 是对应对方的hostname
( @1 M; _9 b0 Q E: v //password 要双方一样
! ]6 g# V9 K1 n4 I9 k. s, e8 h+ iR16 int s0/0:
8 U; [. x4 }3 R+ }/ X ppp chap hostname R16 //R15定义对方的username
% Z6 m( S# R. E( ~$ e ppp chap password 0 cisco //R15定义对方的password
- Q5 l# W; h4 x+ QR15 int s1/1:
7 \: ]$ a. R# R$ ?* b ppp chap hostname R15 //R16定义对方的username
( X) t$ T2 M' W. p- Z2 q ppp chap password 0 cisco //R16定义对方的password
0 ]: U$ o& A- }. Q0 q/ {R16(config-if)#' r3 X k, ]/ c y+ c) ^& s5 d" P
Mar 1 00:29:08.831: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0, changed state to up; Z9 H1 s* Q+ N! \2 i( x x
Mar 1 00:29:09.067: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 200: Neighbor 172.14.12.2 (Serial0/0) is up: new adjacency: K5 b6 S X- |' i8 Y3 G
R15(config-if)#
9 h7 @. C7 T- j$ f) N! y4 V" M*Mar 1 00:16:01.907: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1/1, changed state to up
! c4 k1 m' O. y3 X*Mar 1 00:16:02.519: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 200: Neighbor 172.14.12.1 (Serial1/1) is up: new adjacency: L, `. P& R0 m1 h; j) k
//修改完成后,出现以上字样,代表协商成功,邻居建立。# ?/ x" ]: @- B9 P
//此时再查看EIGRP邻居。0 o) a& M2 l! s* ~1 G0 B1 ~
R16#show ip eigrp neighbor
9 K# C! m7 \" s+ g/ EIP-EIGRP neighbors for process 200- ~$ b. k/ L) S7 g
H Address Interface Hold Uptime SRTT RTO Q Seq, j; Q& j) n h5 l) H
(sec) (ms) Cnt Num* h3 a3 g! O! o! a% X: C1 S
2 172.14.12.2 Se0/0 11 00:02:53 148 1332 0 3! q$ b0 x% ?' I% |& [" A: U3 \
R16#; ]# n5 g: f6 X8 ^- i3 g
3.CE R15 Loopback0 and CE R7 Loopback0 , there are can NOT ping each other’s.: |* F" _3 F: S
(Four PE route require display another three PE loopback in show ip bgp.)
- N, B: ?) x. G) l% x) O解决这题就应该有一个良好的步骤和习惯:(参考TS1总结-完全冲刺版)
1 u7 D5 z. K3 P2 \4 v N* I6 l9 X1.首先解决直连路由问题
5 f+ ^" a8 T ?3 f; J* l# [2.解决IGP问题
1 c1 m7 T- w; x L! A3.解决BGP问题 X- Q1 l4 e4 S
4.解决MPLS问题2 Y2 c" L" D* C1 c9 ~: G2 T
U+ ?$ e5 R# @% {* y0 ]5 O4 ?
首先查看R15和R3是否成功建立了EIGRP邻居,是否能收到EIGRP和VRF过来的路由。
/ G% @( m/ O* z2 K: zR15#show ip eigrp nei
3 U0 n0 `# a* xIP-EIGRP neighbors for process 200) E; b! k& e: X
H Address Interface Hold Uptime SRTT RTO Q Seq/ |* O* Q1 `2 ]) Y
(sec) (ms) Cnt Num8 D6 ^. C. E8 g
0 172.14.12.1 Se1/1 14 00:13:02 60 540 0 28
; ]" Y4 R- e9 l! O5 [: y* u8 VR15#
8 J8 `& y% K) t3 S+ M//这里可以明确看到,R15这个EIGRP的邻居是刚刚建立的R16的EIGRP邻居信息。
& \+ l9 g; X/ J6 ~//这就说明R15还没有和R3建立起EIGRP邻居关系。, }2 f: k7 M) \
R15#show run | b r e& `: |& x- J& w
router eigrp 200 L; R; K* D% `- ^5 b& t8 n
network 1.1.10.0 0.0.0.31 s6 o9 H% C, Q( G4 d+ ^
network 10.1.1.15 0.0.0.0
4 W# g+ s$ x6 g5 t# Y network 171.1.1.1 0.0.0.05 I* W; k5 B/ N
network 172.14.12.0 0.0.0.33 p+ T8 D* J1 T6 T6 @
no auto-summary
6 y6 X9 [1 ^# H1 ?" M- A//R15已经把自己接口和Loopback地址宣告了出去。
% \/ ?( e0 N* u. MR3#show run | b r e
( M0 e/ \9 p k* l @5 urouter eigrp 1# V8 O5 L* t& @9 Y1 e' }
no auto-summary
& ~# L4 t+ F* [! v7 I) q8 C4 c$ T8 j !
: J& _( Z' g2 C5 ]( P! _4 } address-family ipv4 vrf site-b
# s; H8 e& j% m% l+ P redistribute bgp 3 metric 100000 100 255 1 1500
3 I" ^8 y% q. w8 I$ w network 1.1.10.0 0.0.0.3
/ h: a6 d% ] K7 ?/ N) a# L no auto-summary
3 p; o& g" h/ F% x0 S: n( O! P exit-address-family
, I. ~6 l' j) X2 J; i: {" p3 C( { a//R3也已经把自己的直连端口宣告了出去。
! E6 ^7 c3 V: a$ m0 ~- F9 M/ J//R3和R15应该是通过EIGRP200来建立邻居关系,而当R3建立了VRF后,R3的路由表应该要转移到VRF自己的路由表中。
4 R: ^, u$ `" P( b" u: ~. ]//所以我们应该要在VRF下建立一个EIGRP200的自制系统和R15进行协商。* m8 q. [$ ^! Q ]
R3(config)#router eigrp 1$ t: ?8 B9 o P( G; j% I# f
R3(config-router)#address-family ipv4 vrf site-b, F; s& b9 n. S6 }, O5 W3 b
R3(config-router-af)#autonomous-system 200+ f/ k z6 @9 i* V+ J. T
R3(config-router-af)#
- a9 O9 Y5 q7 X2 {*Mar 1 00:10:44.199: %DUAL-5-NBRCHANGE: IP-EIGRP(1) 200: Neighbor 1.1.10.2 (Serial1/0) is up: new adjacency' o, p6 [" N, P6 S
R3#show ip eigrp vrf site-b nei
& A+ T4 C v5 I: e( L8 E! R2 F9 E7 [IP-EIGRP neighbors for process 2004 Y, Q6 s7 w! J) [# e( w
H Address Interface Hold Uptime SRTT RTO Q Seq+ _; c U8 K" B0 e. ~$ I( ~
(sec) (ms) Cnt Num
1 Z. U/ m" l9 T# n. m+ K0 1.1.10.2 Se1/0 13 00:00:52 217 1302 0 11
|3 }+ ?& _$ m) O3 VR3#3 U! N( K. p8 L2 a# r
//这时,我们来查看R3的EIGRP VRF的邻居时,就可以发现R15的邻居信息。
& R4 e7 ~$ m! R; V6 b. _7 ~R15#show ip eigrp nei
/ u& q1 C0 Z" Y1 M( ~' X6 N9 }; B" eIP-EIGRP neighbors for process 2001 V) e- a( h- c8 z& S' e4 M |) w
H Address Interface Hold Uptime SRTT RTO Q Seq
8 g) O4 V; a6 x3 i5 b( W/ o (sec) (ms) Cnt Num
$ Q5 A& o" y% ]4 K2 R1 1.1.10.1 Se1/0 12 00:01:43 511 3066 0 4( Y$ N, o; L* h( n& \6 z
0 172.14.12.1 Se1/1 10 00:22:53 60 810 0 29: I( Y! t8 D9 B) b, [) B6 `4 o* m. d3 H
R15#
5 ]% J4 q. k% v! X/ u! Y& ]0 w7 l//与此同时R15也能正确的和R3建立起了EIGRP邻居关系。
7 v3 K3 @- l8 }% }' @1 m8 aR3#show ip route
6 W( l6 f% ]5 x; ` 172.14.0.0/30 is subnetted, 8 subnets
: k7 e' e5 m1 X/ y- p6 cC 172.14.8.32 is directly connected, Ethernet0/0
. y# ~. _ y' c: t( i( sO 172.14.8.8 [110/20] via 172.14.8.5, 00:01:06, Ethernet0/2
6 O- x2 n* [1 W, k/ D3 hO 172.14.8.12 [110/20] via 172.14.8.5, 00:01:06, Ethernet0/2! o; e4 H1 J8 c. Q; o" Y+ j
C 172.14.8.4 is directly connected, Ethernet0/2+ r' Z* A8 G) f2 S) C
O 172.14.8.24 [110/20] via 172.14.8.33, 00:01:06, Ethernet0/0' t4 B# |+ R' p; J; M
O 172.14.8.28 [110/20] via 172.14.8.33, 00:01:06, Ethernet0/0) P6 ^# u# G4 ?% [; Z) \
O 172.14.8.16 [110/20] via 172.14.8.5, 00:01:06, Ethernet0/2* K2 Z) n* O5 ]5 W2 ~1 ~
O 172.14.8.20 [110/20] via 172.14.8.33, 00:01:06, Ethernet0/0
& q$ E4 H% S. K; p1 i4 w6 i+ ` 10.0.0.0/32 is subnetted, 6 subnets3 V x; n5 X, H3 g. |# ]
O 10.1.1.2 [110/11] via 172.14.8.33, 00:01:06, Ethernet0/04 G. @ `8 E, ?3 E. m& s+ W2 J
C 10.1.1.3 is directly connected, Loopback09 {2 k' h2 d! M r! c' {: q5 W
O 10.1.1.1 [110/11] via 172.14.8.5, 00:01:06, Ethernet0/2- f+ B6 l y: U* t! N" E% n5 t
O 10.1.1.6 [110/21] via 172.14.8.33, 00:01:07, Ethernet0/08 P3 F+ q' a/ M4 J* |9 D& A
[110/21] via 172.14.8.5, 00:01:07, Ethernet0/2, y3 q, ~ A' T7 K- w# C8 `1 F+ @- A Z
O 10.1.1.4 [110/21] via 172.14.8.33, 00:01:07, Ethernet0/0
0 t. T: D- y% V0 P- t" q5 N [110/21] via 172.14.8.5, 00:01:07, Ethernet0/22 O5 e1 l1 n8 ?/ C; d
O 10.1.1.5 [110/21] via 172.14.8.33, 00:01:07, Ethernet0/0
3 n; \, }1 e+ y3 A/ p4 |! F [110/21] via 172.14.8.5, 00:01:07, Ethernet0/2
; q( V$ o) t1 A5 L% B//从这里可以了解到R3通过OSPF已经学到了各台P和PE设备的RID。
( b& B5 O6 B% Z' `' K/ AR3#show ip bgp) i- [* o6 ^. T& s) G
BGP table version is 10, local router ID is 10.1.1.3
3 i8 q6 A! `" ]# { Network Next Hop Metric LocPrf Weight Path
! K/ y I0 q5 t. o" `) nr>i10.1.1.1/32 10.1.1.1 0 100 0 i
) g+ T+ G- \4 w( Q% x6 `r>i10.1.1.2/32 10.1.1.2 0 100 0 i
! U! u5 G6 ~) `) A/ \7 c- F% \: ^; c; ?*> 10.1.1.3/32 0.0.0.0 0 32768 i, p2 _& v. p1 X
r>i10.1.1.5/32 10.1.1.5 0 100 0 i
( F6 e3 N: w: {' x" \ }0 N A5 C. L+ kr>i10.1.1.6/32 10.1.1.6 0 100 0 i2 }2 _* w* A" C/ } N$ N
R3#
; t3 A0 T' o% K; {5 X//从IPv4BGP表中可以发现R3没有去往R4的BGP路由。
$ l8 F: c1 r$ i" k//现在这个题目是要解决从CER15去往CER7的路由要通。所以R4的问题稍后解决。2 {1 v+ [8 t( A4 ]$ L* D
R3#show ip bgp summ7 L0 L: n% y/ x
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd, B+ n: ^) K4 ?3 ?. v$ Q% @
10.1.1.1 4 3 26 10 10 0 0 00:06:07 11 n" @9 v$ f# I( A& c- u
10.1.1.2 4 3 28 9 10 0 0 00:05:53 3; w; g8 M7 X0 d0 }; a' s
R3#show ip bgp vpnv4 all summ
; M. F, n% G, c7 v! E# o; |Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd& A9 w# x( ]5 G/ h9 Q8 s
10.1.1.1 4 3 26 10 24 0 0 00:06:32 11
$ {' n. A8 K$ Z9 r1 h" A X0 i10.1.1.2 4 3 29 10 24 0 0 00:06:18 11
* B1 {% X" |) E1 E7 GR3#) T/ h7 m- W, r& P% X
R3#show mpls ldp nei j4 Q) X% P0 E4 v/ T
Peer LDP Ident: 10.1.1.2:0; Local LDP Ident 10.1.1.3:0
& ]- v6 I$ W) G+ C& l5 ]; X TCP connection: 10.1.1.2.646 - 10.1.1.3.52569; v7 T( ?0 M: \4 [' U% w
State: Oper; Msgs sent/rcvd: 25/24; Downstream
* a( }3 n% F3 s% [4 K& U2 z Up time: 00:06:50, K2 I1 ?$ q1 k l! _8 ?
LDP discovery sources:
+ i$ _ O$ {! D# B8 O Ethernet0/0, Src IP addr: 172.14.8.33
. c( q2 p- V1 S/ H5 @ Addresses bound to peer LDP Ident:
* U0 r. Q! [ Y/ Y 172.14.8.33 10.1.1.2 172.14.8.25 172.14.8.29) R& M( p+ x0 D# h$ r- P% l
172.14.8.21- [9 _3 q2 b' X& ~
R3#- j8 }" i7 b- E* i1 K3 n* S0 w
//这里我们可以了解到R3没有和R1建立MPLS邻居关系。
- M* g! }+ S' i//我们可以查看R3连接R1的直连端口。& m* {% D8 {& R1 s
R3#show cdp nei
0 N1 v: c( |6 |0 ]/ VCapability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
0 ^: z- k$ @) N& r3 k& x S - Switch, H - Host, I - IGMP, r - Repeater
: w. m9 s6 P9 q9 S' `' {# cDevice ID Local Intrfce Holdtme Capability Platform Port ID: r, |% Z1 f& [' b% e
R15 Ser 1/0 171 R S I 3640 Ser 1/07 n6 Z" H" ?8 e
R2 Eth 0/0 160 R S I 3640 Eth 0/03 A% c% Y6 E+ [6 |
R1 Eth 0/2 165 R S I 3640 Eth 0/28 ?* @2 w0 t1 r+ Y4 F3 [* P
R3#
5 E% E/ ?+ u3 q0 _. hR3#show run int e0/2
. O3 D( w' m4 @interface Ethernet0/2& g+ q2 l: N; _. ~
ip address 172.14.8.6 255.255.255.252
; ^% Q) m+ f* L/ I9 }: _6 c, O ip ospf message-digest-key 1 md5 cisco# G& U# ]3 S+ |" J
half-duplex
O6 O, {4 b7 f6 k, R mpls ip
' }% ], d( o1 m) {1 Mend
: V7 W# s0 {# T1 P! @//在确保R3的e0/2接口没有问题的情况下,去R1的e0/2检查。" b) C" U. A% q% W2 Y& c; d: Z
* e5 S" {9 P! N6 f3 f5 U
R1#show run int e0/2, b. z7 a; ? S2 p3 K$ _
interface Ethernet0/2 ]) O; h# }0 z; u* k' [: z3 }
ip address 172.14.8.5 255.255.255.252
0 k5 N6 T" ^8 C$ D ip ospf message-digest-key 1 md5 cisco9 v4 j0 `5 B) I: N* G. [% K3 h( O# D
half-duplex& ]: D' x; S7 y" p. }8 P
end
; U8 m7 l; Q5 }/ ?$ v( X8 _//我们发现R1的e0/2缺少了MPLS IP,把它加上。3 w# f- c4 l; x9 `1 R ]" k! T
//因为P设备和所有的PE设备在直连端口都应该打上MPLS IP ,所以可以使用range这个字段来囊括所有的端口。; v+ g4 t' M+ p, D' U% S1 ~: G
R1(config)#interface range ethernet0/0 -3: H- ~, w$ j& b7 @
R1(config-if-range)#mpls ip; `3 K; w9 _. Q# a, Y* ~4 E* {4 j
R1(config-if-range)#
7 C: ] j4 f" q0 i* ^+ g" P$ i*Mar 1 00:14:47.935: %LDP-5-NBRCHG: LDP Neighbor 10.1.1.3:0 (2) is UP
& v" c* U. t' a3 z, x/ h- |*Mar 1 00:14:48.003: %LDP-5-NBRCHG: LDP Neighbor 10.1.1.6:0 (3) is UP8 H' e% [) K5 F9 k1 S6 F5 d1 T
R1#show mpls ldp nei
$ w& {1 L$ ~7 n, _" o Peer LDP Ident: 10.1.1.5:0; Local LDP Ident 10.1.1.1:0* Z( x5 K/ K3 ~( \' l7 D
TCP connection: 10.1.1.5.47537 - 10.1.1.1.646* s6 k/ f4 l/ f2 H8 J9 H0 _. p0 s0 g
State: Oper; Msgs sent/rcvd: 31/32; Downstream5 I, s1 g8 _' |* G
Up time: 00:13:09& v5 L. @6 x# g9 t" ]" H) j9 ]9 O
LDP discovery sources:
$ ^. h4 H3 R- O1 p; r( Q6 q Ethernet0/0, Src IP addr: 172.14.8.18
4 y* N) p0 A, Q9 e: S Addresses bound to peer LDP Ident:
5 u; J" y# q. \2 w$ c2 M# [8 \ 172.14.8.18 10.1.1.5 172.14.8.22' u4 m2 ?# @" e7 f: d" n- @1 i" r
Peer LDP Ident: 10.1.1.3:0; Local LDP Ident 10.1.1.1:0
; y4 ~1 q, w% M TCP connection: 10.1.1.3.61492 - 10.1.1.1.646
: b/ M' V) L! v1 R, F State: Oper; Msgs sent/rcvd: 18/17; Downstream
$ |3 Q( O( T( p Up time: 00:00:55! j0 B( V- G+ `0 ~8 Y# U8 C
LDP discovery sources:
! x6 \# A7 O0 Q! ~5 p! J' R7 j+ V Ethernet0/2, Src IP addr: 172.14.8.6
% u, u9 h2 x. b- p) \7 d* S" { Addresses bound to peer LDP Ident:' z: d% V' x, l( q
172.14.8.34 10.1.1.3 172.14.8.6
) L2 l& Z- Y) T) \% _) e$ W Peer LDP Ident: 10.1.1.6:0; Local LDP Ident 10.1.1.1:0( F" X' x1 b3 s1 d* m
TCP connection: 10.1.1.6.11900 - 10.1.1.1.646
8 ~' ^' v; T$ l: }. | State: Oper; Msgs sent/rcvd: 18/18; Downstream- {" P" Y) ~/ b0 K$ m: q
Up time: 00:00:55
7 R$ \$ J0 `7 r, M. w; N LDP discovery sources:* y+ g& w6 [! B) I4 ^3 b5 I
Ethernet0/3, Src IP addr: 172.14.8.14) S- E/ Y# @* k" m
Addresses bound to peer LDP Ident:
0 Z Z- x0 T1 \# r }! S6 M 172.14.8.26 172.14.8.14 10.1.1.6
& q6 t; J4 k( i8 h E: j* CR1#) E( [) o$ V% z& g
//R3 已经存在于R1的MPLS表中。0 Y8 D# ~9 j! y
//R1是P设备应该有4个PE设备的对端,而且从RID地址可以了解到R4没有在R1的MPLS表中,这个记住,一会解决。5 _; }4 n0 }) f8 @. `
R6#show ip route
" m5 |4 ]" H& F0 X+ a4 N K 172.14.0.0/30 is subnetted, 8 subnets5 k7 G% b8 s# M3 D
O 172.14.8.32 [110/20] via 172.14.8.25, 00:21:54, Ethernet0/13 Z6 A6 j" H6 ?8 k
O 172.14.8.8 [110/20] via 172.14.8.13, 00:21:54, Ethernet0/3
4 U) n9 G q, m6 rC 172.14.8.12 is directly connected, Ethernet0/3
- M5 ~$ \0 I0 V/ _/ o' a4 hO 172.14.8.4 [110/20] via 172.14.8.13, 00:21:54, Ethernet0/3' P' u/ T4 P$ g2 U s |
C 172.14.8.24 is directly connected, Ethernet0/1/ }5 j- R' E! R5 ]! u
O 172.14.8.28 [110/20] via 172.14.8.25, 00:21:54, Ethernet0/1
% V9 h# ^+ O3 _- eO 172.14.8.16 [110/20] via 172.14.8.13, 00:21:54, Ethernet0/36 ]: W, H/ k2 `# r3 p
O 172.14.8.20 [110/20] via 172.14.8.25, 00:21:54, Ethernet0/17 u1 i( R; n8 P" V4 _
10.0.0.0/32 is subnetted, 6 subnets
# _0 n) O% ?& G/ nO 10.1.1.2 [110/11] via 172.14.8.25, 00:21:54, Ethernet0/1# A2 O0 v' o! k$ N. W8 q
O 10.1.1.3 [110/21] via 172.14.8.25, 00:21:54, Ethernet0/12 w$ o" [; q* }& J: I# G5 r( H p* F
[110/21] via 172.14.8.13, 00:21:54, Ethernet0/3
8 x# E8 f! {* Q) I0 t% u( u2 lO 10.1.1.1 [110/11] via 172.14.8.13, 00:21:55, Ethernet0/3 G5 g1 u5 D7 _! M
C 10.1.1.6 is directly connected, Loopback0, c5 o0 u S( N- Z7 F' g
O 10.1.1.4 [110/21] via 172.14.8.25, 00:21:55, Ethernet0/1
# L& I: K& t# q5 Y; s/ { [110/21] via 172.14.8.13, 00:21:55, Ethernet0/30 X8 _" g7 v' r* d
O 10.1.1.5 [110/21] via 172.14.8.25, 00:21:55, Ethernet0/1% ?" Z1 F$ _1 _) ~) f
[110/21] via 172.14.8.13, 00:21:55, Ethernet0/3$ p8 a7 z) E6 i0 i7 Z* J( E8 I
R6#show ip bgp1 G2 k! N" P) E! l% o4 o J; G
Network Next Hop Metric LocPrf Weight Path, C! Q! V f# G" {7 U W% c/ X0 ]# k
r>i10.1.1.1/32 10.1.1.1 0 100 0 i
( z- k! m0 C' J1 Z( }% Hr>i10.1.1.2/32 10.1.1.2 0 100 0 i# K4 C$ `+ V4 K% Y- c3 M9 _
r>i10.1.1.3/32 10.1.1.3 0 100 0 i
' j: Z$ a* d( |" ?r>i10.1.1.5/32 10.1.1.5 0 100 0 i* u9 m P; S5 K( C
*> 10.1.1.6/32 0.0.0.0 0 32768 i6 Y0 K! n- n) n' q
R6#show ip bgp summ
$ Y: k1 r' H/ @- L6 l8 c, {Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd& R* t. _0 H5 T3 f L6 P# \
10.1.1.1 4 3 34 42 10 0 0 00:22:21 12 @: e, q* |6 w5 u4 j, a# x4 Q# Z
10.1.1.2 4 3 37 42 10 0 0 00:22:23 3
6 G$ \. i9 f! k B$ P: FR6#show ip bgp vpnv4 all summ
. E0 _! F1 w( r. J- V3 W- p$ LNeighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd4 @* \# z" ~3 F
10.1.1.1 4 3 34 42 23 0 0 00:22:32 0
! J) `% m) B' F9 w i; F/ t) |6 w10.1.1.2 4 3 37 42 23 0 0 00:22:34 0* y! r" Z; O1 c: X5 a o
//从这个表可以了解到R6没有与R1和R2交换VPNV4的路由信息,它们之间只是建立了邻接关系。7 @8 Y1 l1 b' p: O' C
//代表R6无法收到来自R3的VRF信息。! Y2 j; ^. m, ]% r+ i+ z; m
R6#show mpls ldp nei
" v( Q `5 V3 E3 S: `8 [ Peer LDP Ident: 10.1.1.1:0; Local LDP Ident 10.1.1.6:0+ _- \6 S, q0 \0 G: T1 c- h
TCP connection: 10.1.1.1.646 - 10.1.1.6.11900) K$ a- i/ S; b X1 r% Y8 l+ l/ n5 Y
State: Oper; Msgs sent/rcvd: 30/30; Downstream
2 A: t9 l# \. a/ [ Up time: 00:11:49$ \" h; O1 }) |2 Z- J
LDP discovery sources:2 U0 h& M3 e9 L9 Q% u
Ethernet0/3, Src IP addr: 172.14.8.13
8 H4 }% q* z% Y4 Z Addresses bound to peer LDP Ident:
% Z: O0 F( x# l$ { 172.14.8.17 10.1.1.1 172.14.8.9 172.14.8.5/ p: ]" |% |* @8 l& P/ A: C: p) K% d
172.14.8.13' @; X1 k) \" j- [3 F1 a9 y
R6#1 \" |) j0 R1 R* O! K
//R6缺少去往R2的MPLS路由。
6 U7 {8 R. P) s) S$ {R6#show run int e0/1
$ }, B3 p' V, F3 v" r* xinterface Ethernet0/1, |4 y2 ^7 W% L8 @- N0 }9 ]
ip address 172.14.8.26 255.255.255.252
1 u: V. }' z0 i" l8 i6 E ip ospf message-digest-key 1 md5 cisco
! [+ I- Z+ c. O7 z, V half-duplex
8 q+ P0 a8 F8 v/ G- i @7 {+ }end
& p6 h5 \. q7 A3 z2 M6 @5 x" L+ l//加上MPLS IP6 |. e; f) R' P: F6 p
R6(config)#int e0/1
, J6 B- p" {- ^R6(config-if)#mpls ip" F! i ]* S8 |* q: j
R6(config-if)#
8 m3 E. y. X/ D5 h*Mar 1 00:26:14.003: %LDP-5-NBRCHG: LDP Neighbor 10.1.1.2:0 (2) is UP$ B, {4 k6 b- z& T( m
//我们去R15上查看一下是否正常收到CER7的路由. B2 t+ i2 H$ f/ X( x
R15#show ip route0 E9 i3 @; n( n+ N. I
1.0.0.0/30 is subnetted, 1 subnets
0 L! m" [) H' S7 G0 T4 S, MC 1.1.10.0 is directly connected, Serial1/06 ~5 i% B4 o# G$ a
171.1.0.0/32 is subnetted, 1 subnets
7 r% r% X" z" T0 G- ]C 171.1.1.1 is directly connected, Loopback104 l: l( M% _) d5 m0 {# F1 a* k/ b
171.2.0.0/32 is subnetted, 1 subnets
- t3 R$ x3 E4 F, Z' P5 t! FD EX 171.2.2.2 [170/2195456] via 1.1.10.1, 00:36:34, Serial1/0) b( R. j3 v8 l- D7 Q4 Q
10.0.0.0/8 is variably subnetted, 10 subnets, 2 masks( F2 }7 s: A6 f6 G- U; x% ^
D EX 10.10.10.8/30 [170/2195456] via 1.1.10.1, 00:36:34, Serial1/0
U# G( b% p% p# FD EX 10.1.1.8/32 [170/2195456] via 1.1.10.1, 00:36:34, Serial1/0
, ]7 _ u- e, O) h7 WC 10.1.1.15/32 is directly connected, Loopback01 T, s A2 C. Z! {- d
D EX 10.10.10.0/30 [170/2195456] via 1.1.10.1, 00:36:34, Serial1/0 [) A2 o( u/ a5 Z1 W; O
D EX 10.1.1.7/32 [170/2195456] via 1.1.10.1, 00:36:34, Serial1/0
) R( r* a6 p4 u k& UD EX 10.10.10.4/30 [170/2195456] via 1.1.10.1, 00:36:34, Serial1/06 P* Q8 A7 g6 ^: m; K. H( y" i
D EX 10.10.10.24/30 [170/2195456] via 1.1.10.1, 00:36:34, Serial1/0
+ q: o$ l+ @: P$ pD EX 10.10.10.16/30 [170/2195456] via 1.1.10.1, 00:36:34, Serial1/0
( X( l5 e" Y/ P' D2 qD EX 10.10.10.20/30 [170/2195456] via 1.1.10.1, 00:36:34, Serial1/0
5 C! d- x3 Q' L/ Y' mD EX 10.10.10.32/30 [170/2195456] via 1.1.10.1, 00:36:34, Serial1/0/ B+ ]" O5 i% k
R15#ping 10.1.1.7
) ^7 L9 r( {# I/ z. d6 O1 WType escape sequence to abort.6 z+ N' b! h1 u; B2 m
Sending 5, 100-byte ICMP Echos to 10.1.1.7, timeout is 2 seconds:/ q2 I. s2 k. N2 O* S6 v2 r W9 w
.....6 C6 w! l# G) Y$ L v
Success rate is 0 percent (0/1)
" Y# w! |& E) l$ t5 o& p$ YR7#show ip route' R; f3 v( }% a( Q3 G+ z. z
171.1.0.0/32 is subnetted, 1 subnets6 B2 ^* j' b+ g% E$ b4 Z
O E2 171.1.1.1 [110/10000] via 10.10.10.25, 00:39:24, Ethernet0/3
! i, l8 `: @* n5 G( A5 A+ q# E0 g4 i8 q: I 171.2.0.0/32 is subnetted, 1 subnets
2 _, n& {, U% V2 @' U1 q- CC 171.2.2.2 is directly connected, Loopback10. A+ `9 S" Q% V" V
10.0.0.0/8 is variably subnetted, 9 subnets, 2 masks$ ?: d8 ^. g& E: G6 }8 z
C 10.10.10.8/30 is directly connected, Ethernet0/1
/ t- U2 _" A! z0 ^( r3 |% {O 10.1.1.8/32 [110/11] via 10.10.10.25, 00:39:34, Ethernet0/3
4 o, p. G+ R3 R5 P* _) GC 10.10.10.0/30 is directly connected, Ethernet0/0
0 G2 Y- O% H5 ]C 10.1.1.7/32 is directly connected, Loopback0& k; M( l9 j* Y3 W: i
O IA 10.10.10.4/30 [110/20] via 10.10.10.25, 00:39:34, Ethernet0/3
) @0 e t; x$ c2 j. @1 o3 v" q# K% kC 10.10.10.24/30 is directly connected, Ethernet0/3
$ U: z" Y$ d8 G" z) YC 10.10.10.16/30 is directly connected, Ethernet0/2
- x0 U8 ~+ K7 E% E9 g* X4 ^O 10.10.10.20/30 [110/20] via 10.10.10.25, 00:39:34, Ethernet0/3 Z# t% h8 c( L* o2 M7 G3 a. i
O 10.10.10.32/30 [110/20] via 10.10.10.25, 00:39:34, Ethernet0/3
" M+ e/ ?0 K0 j8 yR7#
. z' H8 Y, m( E# V, W* B# I//我们R15可以正常收到R7发过来的路由,但是R7无法收到R5发过来的路由,说明R6有发送PE信息给对端,但是R3没有发送自己的信息给R6。& s$ y9 t+ F" I. R
//所以我们假定问题是ip vrf对于对端的配置问题,因此要去PE上检查ip vrf是否配置正常。) M) ]8 v) j" w5 W4 F! }6 H# e# Y: W
R3#show run | be ip vrf. p! N1 i3 m& g0 z: g ]( m
ip vrf site-b6 z3 L& j( |5 k* Z; }8 |
rd 20:10
1 ^! t1 F7 u: F route-target export 20:10 //是否发送RD为20:10的路由信息出去
4 y w6 m. F) v0 F route-target import 20:10 //是否对RD为20:10的路由信息感兴趣+ q6 X2 X! A* @' f: b
route-target import 20:20 //是否对RD为20:20的路由信息感兴趣
% |) S* b W! F$ A I* O" s, a/ {R6#show run | be ip vrf
( A" B7 q5 m8 X4 X6 ~ip vrf site-b
: L; Y9 ^& s$ E* `2 p rd 20:207 J) g9 a& `, v# E* ^4 e
route-target export 20:205 i! p$ x4 G) W4 m5 A- x
route-target import 20:20 {/ r+ A7 ~6 Q/ S
route-target import 20:10+ R7 u5 T3 o0 r3 i6 f
//这里可以了解到ip vrf 配置正常。) T. G( K& g4 k3 } s
R3#show run | b r b3 Y2 s! n3 K, r6 R
router bgp 3; _/ d1 |( U# a% \% `, ~( o- p* {7 H
bgp log-neighbor-changes
, x' l/ j9 r6 B& J8 Q4 H neighbor 10.1.1.1 remote-as 34 D6 g5 W# W& Z$ D; |0 {
neighbor 10.1.1.1 update-source Loopback0 _+ |$ ^1 z' W2 K0 \
neighbor 10.1.1.2 remote-as 3! J8 m: c' y7 C- R6 m
neighbor 10.1.1.2 update-source Loopback01 T, X5 q+ X7 v& u4 e
!2 @+ ]5 d1 L, v8 P! C6 U
address-family ipv4
$ G4 ]0 b1 G5 R8 b; U- B( b neighbor 10.1.1.1 activate8 w* ~8 S+ J8 K, G
neighbor 10.1.1.1 send-community
; ^( M5 z/ i' N" L% N neighbor 10.1.1.2 activate
$ F6 w& n& q- Q1 O; g. D: f neighbor 10.1.1.2 send-community
" e; Q) O8 }- |, Q no auto-summary
4 e* N; Y( |$ \5 o' c/ u9 F- w no synchronization
7 A8 d0 N% n/ ^ network 10.1.1.3 mask 255.255.255.255
. d# W( C( X& O0 I( z0 O exit-address-family( Y q& S, \ r, c8 b' d
!* N) x7 F5 r& c5 Q9 E
address-family vpnv41 x! K! R; |/ e7 Z0 k$ M2 `
neighbor 10.1.1.1 activate$ _, p& F* C, e! q
neighbor 10.1.1.1 send-community extended
% o- U; T$ K! C- `5 X neighbor 10.1.1.2 activate
: N6 O0 z! p+ n* L( {' ` neighbor 10.1.1.2 send-community extended$ R. [) e. M0 ~4 M
exit-address-family
, O- D4 F1 u: |. [( n4 p. e" D/ I6 f !" i, y8 g, A) [! r8 K) z/ j' y
address-family ipv4 vrf site-b
* i* \; P5 R* W( ]8 j0 k( A) @ no synchronization, I7 [8 P' z/ q( V
exit-address-family
" h4 Z% A8 Z/ w, s4 o//从这里我们发现R3没有把IGP重发布到BGP的address-family中。
+ T9 U. r# c2 P. {R3(config)#router bgp 33 O9 A7 \2 e6 C
R3(config-router)#address-family ipv4 vrf site-b
6 \5 B* V' @3 }5 B3 RR3(config-router-af)#redistribute eigrp 200
6 D/ h1 E, f, E) P3 v$ UR3(config-router-af)#
3 c. e x& H+ W8 m# e* Y//如果不记得命令,可以参考其他PE设备的配置,比如:R6
. g( R! B9 a; U; U) g* q! P( GR6#show ip bgp vpnv4 all summ
6 [9 G3 F8 T; S! m f! JNeighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd( }) K9 Y4 E$ z
10.1.1.1 4 3 78 85 29 0 0 01:04:51 3# o- Y3 }; A5 l& K* B0 s
10.1.1.2 4 3 106 97 29 0 0 00:06:05 3
! B, W4 F5 E5 d! r; @0 h' J. iR6#; c# |: I! }7 q8 h
//R6与R3成功建立了VRF连接,并且开始接收数据。
% Z( J; d7 e; n& e: tR7#show ip route
6 d3 w+ F" d* _$ K% q; H, `4 z8 y 1.0.0.0/30 is subnetted, 1 subnets
& h, E( i" Z, ], I2 w& [O E1 1.1.10.0 [110/20] via 10.10.10.1, 00:04:01, Ethernet0/0
/ o( Y: v+ |# C) i8 S, Z 171.1.0.0/32 is subnetted, 1 subnets
( G0 I" C+ G1 `& n5 J7 O( RO E1 171.1.1.1 [110/20] via 10.10.10.1, 00:04:01, Ethernet0/0
2 X( @) r. ~* {( I5 G 171.2.0.0/32 is subnetted, 1 subnets
3 g' n2 o; E& w/ M9 p; AC 171.2.2.2 is directly connected, Loopback10: Q4 P) b v6 b
10.0.0.0/8 is variably subnetted, 10 subnets, 2 masks6 z- m! U f0 L: H0 S1 G+ s; j
C 10.10.10.8/30 is directly connected, Ethernet0/1
: G- p% Q# O9 Z) d; ?O 10.1.1.8/32 [110/11] via 10.10.10.25, 01:08:07, Ethernet0/3, k( ]- k0 Z- _ n( p9 E: p9 v3 q
O E1 10.1.1.15/32 [110/20] via 10.10.10.1, 00:04:01, Ethernet0/0' s6 }* p! m& q6 a1 B) }
C 10.10.10.0/30 is directly connected, Ethernet0/0
: |1 l/ s+ @& _% e6 b9 ~C 10.1.1.7/32 is directly connected, Loopback0
# E0 I% ]) X9 ]" m4 x. [; H# CO IA 10.10.10.4/30 [110/20] via 10.10.10.25, 01:08:07, Ethernet0/31 y* K* z. j: g, o
C 10.10.10.24/30 is directly connected, Ethernet0/3
' x2 F+ @& @0 f; L" Q9 HC 10.10.10.16/30 is directly connected, Ethernet0/2
, b9 o. @* x1 s, a/ G( g: S3 x% [& LO 10.10.10.20/30 [110/20] via 10.10.10.25, 01:08:08, Ethernet0/3
9 } u5 i+ A( j2 @O 10.10.10.32/30 [110/20] via 10.10.10.25, 01:08:08, Ethernet0/3& l. d; m* T: o g$ f: e
R7#ping 10.1.1.15& V4 J- H f' S
Type escape sequence to abort.
, Z9 ~# {0 b$ A5 _/ d5 ZSending 5, 100-byte ICMP Echos to 10.1.1.15, timeout is 2 seconds:6 c5 E* W% l# |% h* T# ~4 Z
!!!!!# c; ~; W, A9 B* {" G
Success rate is 100 percent (5/5), round-trip min/avg/max = 28/71/124 ms; x3 M) N- }' a( _) V2 R+ ]
R7#
/ |, m/ A8 ?7 O7 M# A1 b6 {4.CE R20 Loopback0 and CE R8 Loopback0 , there are can NOT ping each other’s.
- `1 O: F7 \/ ~( L' U4 S//如第三题,同样是先检查直连链路是否连通。6 v! J7 b6 I+ u: y# @6 J
R20#show ip int br: Q: m" }$ ]# n$ E
Interface IP-Address OK? Method Status Protocol
+ g" X& j% Q3 [" a" I5 {2 J7 S3 LSerial0/0 172.29.7.2 YES NVRAM up up
. a% W6 C2 k+ L$ d8 u//查看R20和R4之间运行协议是哪个。+ |$ }# |! u/ f0 t
R20#show ip pro! T* B' d; b& l5 R- d! x' F/ ?" B2 ?
Routing Protocol is "ospf 100"* J$ s) d8 |4 Y5 p
R20#show ip ospf nei+ w% \4 a( D! j3 I" ?
Neighbor ID Pri State Dead Time Address Interface3 u% L- t% R9 y- s
4.4.4.4 0 FULL/ - - 172.29.7.1 OSPF_VL0* K9 o+ S7 ~! j3 g p% w' A4 a
4.4.4.4 0 FULL/ - 00:00:33 172.29.7.1 Serial0/0* S+ P: f4 j1 v. m/ x9 x
R20#
6 ? S# _/ `- d g" A; ]3 o//可见,R20和R4的OSPF是FULL状态,并且是通过OSPF虚链路连接的。1 Y' f1 H! c8 D' b
//还记得第三题上面,我们发现的问题吗?R3在show ip bgp 表里面没有发现R4的BGP路由。4 w3 w8 \" @! e% N8 _5 d6 W
R4#show run | b r b
% P6 p7 u( E6 c) s* `6 f2 [router bgp 3
4 H6 C* l& G" j. F/ \; k6 a2 ~3 M! B$ M no synchronization" m- I2 z. r) c: ^1 y
bgp log-neighbor-changes5 @( q& x% E9 B% W* h
neighbor 10.1.1.1 remote-as 3( {* ~) C6 N. ^& ^5 F
neighbor 10.1.1.2 remote-as 34 I+ e) Q1 [1 h U9 v. S0 N
no auto-summary! q% _- g$ ~7 ], i: j q
!4 T/ v9 U# m# L6 y
address-family ipv4 vrf site-a& F9 \% K7 u5 E H8 O
redistribute ospf 101 vrf site-a
- y' t3 z; a$ y! C1 Z no synchronization2 `+ C) f, H' o( s) E: M/ A
exit-address-family% B/ l" G/ D" p* v
//可见,R4的bgp信息非常少;在此,我们把它补全,如果不记得命令,可以参考其他的PE设备。% a: K* ?$ A# D3 ~
R4(config)#1 ]- H/ F* g7 w+ S' b
router bgp 3: l" X# ^! K7 N! C9 @! F
bgp log-neighbor-changes
$ W) H5 K7 Y9 H neighbor 10.1.1.1 remote-as 3 b% k3 i* I* J/ _1 N$ W
neighbor 10.1.1.1 update-source Loopback0
3 Q, M; U4 m: Q5 x neighbor 10.1.1.2 remote-as 35 k% T* V6 L5 \" T' p5 |
neighbor 10.1.1.2 update-source Loopback0
c- x) q+ p; r$ `0 d+ u8 v- |" iR4(config-router)#address-family ipv4
" a3 A7 W$ ^& N1 \- R+ q. B' ?0 Y/ zR4(config-router-af)#neighbor 10.1.1.1 activate
: h3 [! Y; g6 _& T3 g( o, UR4(config-router-af)#neighbor 10.1.1.1 send-community
2 S: O6 p+ A+ H! b: A5 K; Q0 L3 wR4(config-router-af)#neighbor 10.1.1.2 activate
+ T' M" E n; FR4(config-router-af)#neighbor 10.1.1.2 send-community
* B: |- U* ~. [( D6 N*Mar 1 00:31:14.799: %BGP-5-ADJCHANGE: neighbor 10.1.1.1 Up4 F* g6 O8 ~% W/ @1 f! i
*Mar 1 00:31:16.255: %BGP-5-ADJCHANGE: neighbor 10.1.1.2 Up
1 P }! K) x; A2 p2 M1 t//输入完以上信息后,发现R4和R1的BGP邻居已经建立。
, Y4 ] |) w& R% D8 w//因为VPNV4的命令还没有补全,所以R1还是无法和R4建立MP-BGP邻居。; L: v, e- t) i/ g: b: F
R1#show ip bgp
' p" u/ ?/ Q8 e2 Q3 Z8 D" ?BGP table version is 13, local router ID is 10.1.1.14 q9 W6 U; L4 R0 d) I* H
Network Next Hop Metric LocPrf Weight Path2 [7 B* L- s5 _: W
*> 10.1.1.1/32 0.0.0.0 0 32768 i, W( I& b I0 I f. |
r>i10.1.1.3/32 10.1.1.3 0 100 0 i
% y+ t$ j# o$ J1 ^; E3 or>i10.1.1.4/32 10.1.1.4 0 100 0 i! V- Y8 m" f* H# b
r>i10.1.1.5/32 10.1.1.5 0 100 0 i
# _. E5 q9 ]9 d! L$ W0 z' tr>i10.1.1.6/32 10.1.1.6 0 100 0 i
/ e" c+ E$ O' W; uR1#show ip bgp summ' B/ Q+ n* [9 \( y2 R3 m$ z5 E
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
0 e# o7 r# Z) R7 Q10.1.1.3 4 3 38 53 13 0 0 00:30:55 1. Z' L0 [8 e- e
10.1.1.4 4 3 35 34 13 0 0 00:00:56 1
! P, w8 {- d0 n' ]& V M/ h10.1.1.5 4 3 50 53 13 0 0 00:30:47 1' _7 [, |2 p( {9 X/ r. d) m1 v+ Z
10.1.1.6 4 3 51 44 13 0 0 00:30:55 11 F$ H' \3 \+ Z
R1#show ip bgp vpnv4 all summ; y4 d* L7 A3 |, Y% G! ~! Y# j3 M
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
2 @) B" d. N! g# O) _10.1.1.3 4 3 40 55 27 0 0 00:32:07 3+ ^& H. K o' f+ X
10.1.1.4 4 3 37 36 0 0 0 00:02:08 (NoNeg)
- t& B. ~ s! p( C- J8 e( z% o: n10.1.1.5 4 3 51 54 27 0 0 00:31:59 11
3 [. s- o& j0 k* H10.1.1.6 4 3 53 46 27 0 0 00:32:07 10; ?0 f3 H$ \- x& w
R1#
! S s5 a. i. g! P* D; P2 v% tR1#show mpls ldp nei
" z U( i( a! K5 I Peer LDP Ident: 10.1.1.5:0; Local LDP Ident 10.1.1.1:0: X" w V' c) x7 j
TCP connection: 10.1.1.5.32048 - 10.1.1.1.646
' h) X; t* o) n L5 C N State: Oper; Msgs sent/rcvd: 76/76; Downstream! E4 J! f: P, v6 `/ k" p9 R. F
Up time: 00:51:165 b5 _7 ?2 e: t* G- E
LDP discovery sources:
) T8 h% V+ a. ]+ @! C% z. V6 u Ethernet0/0, Src IP addr: 172.14.8.18, N' w( z6 h( p& V
Addresses bound to peer LDP Ident:
, B" @; B W% a G$ H% n X. @! ` 172.14.8.18 10.1.1.5 172.14.8.22
- ~( V) k) k) V+ Q Peer LDP Ident: 10.1.1.3:0; Local LDP Ident 10.1.1.1:0
2 h0 v; F. ]2 H& u3 F+ N TCP connection: 10.1.1.3.52528 - 10.1.1.1.6461 l2 ?. Q7 t V% T# |9 `5 H N
State: Oper; Msgs sent/rcvd: 71/72; Downstream9 p" @7 J4 X9 w2 {6 }$ ~
Up time: 00:47:56
6 w2 O: ~2 ?: y$ s Z LDP discovery sources:9 b! l% ]0 d9 q0 `
Ethernet0/2, Src IP addr: 172.14.8.6
( \8 {# X9 \- J Addresses bound to peer LDP Ident:
" w/ @+ c5 B& T9 o 172.14.8.34 10.1.1.3 172.14.8.6) _. \+ Q3 ~1 U6 q, b
Peer LDP Ident: 10.1.1.6:0; Local LDP Ident 10.1.1.1:0
) M9 k& h% j d/ I& Y7 Y TCP connection: 10.1.1.6.61959 - 10.1.1.1.646
+ o+ c1 Q& Y9 H. p* k8 y: ~2 @" b State: Oper; Msgs sent/rcvd: 71/72; Downstream
' @7 B! E8 j" A$ {1 l& m" j Up time: 00:47:55
# r- x+ }; b2 A8 P LDP discovery sources:
7 q' F4 y* r# B( J4 V) l* P Ethernet0/3, Src IP addr: 172.14.8.149 P1 D8 h. w: u8 `* _
Addresses bound to peer LDP Ident:
7 h$ [% F/ q) E5 b% p7 D0 L* B3 R2 m 172.14.8.26 172.14.8.14 10.1.1.6; j( l7 m2 ^9 S
R1#, q* B$ B0 `0 T2 A! g4 w M; X6 {
R4(config-router)#address-family vpnv47 Y# E; f2 e- E! [% o
R4(config-router-af)#neighbor 10.1.1.1 activate& D7 A' s( U+ F M& b# Z, P3 _
R4(config-router-af)#neighbor 10.1.1.1 send-community* q( D6 b# }% q* K2 ]4 Z# m, R
*Mar 1 00:35:11.695: %BGP-5-ADJCHANGE: neighbor 10.1.1.1 Down Address family activated/ ?1 A0 d. |, T: }2 x) D
*Mar 1 00:35:13.955: %BGP-5-ADJCHANGE: neighbor 10.1.1.1 Up# g( n& q9 j, I
R4(config-router-af)#neighbor 10.1.1.2 activate- h9 t) A1 k# _6 a" l
R4(config-router-af)#neighbor 10.1.1.2 send-community0 f8 H( F0 j/ |4 J, f. }
*Mar 1 00:35:52.895: %BGP-5-ADJCHANGE: neighbor 10.1.1.2 Down Address family activated
* E8 w" i, |6 @6 A*Mar 1 00:35:55.167: %BGP-5-ADJCHANGE: neighbor 10.1.1.2 Up
1 n# r. A' P( @2 qR1#show ip bgp vpnv4 all summ
3 z$ L0 |5 u7 X. q* f/ mNeighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd& P3 S& y" R2 [
10.1.1.3 4 3 43 62 33 0 0 00:35:17 3
1 ~- F+ j3 m$ o- ~10.1.1.4 4 3 48 63 33 0 0 00:01:18 6
' R1 M% S& B& f7 [, F5 E3 @8 L10.1.1.5 4 3 56 62 33 0 0 00:35:08 114 A- H9 D- f6 n) ^; u. a
10.1.1.6 4 3 56 53 33 0 0 00:35:16 10
: L& h4 L6 U' ]( B2 rR1#! O% ]5 r: r' e3 L! q
//R4和R1的MP-GBP邻居也已经成功建立。
* @0 @4 Z" G8 X) X' \//R1是P设备应该有4个PE设备的对端,而且从RID地址可以了解到R4没有在R1的MPLS表中,这个是上面出现的第二个问题。) C# \0 F% f5 @# J( L
//然后就开始补全MPLS VPN的命令,在补全之前,先查看R4的VRF名字是什么。
6 B E0 K1 Z* C7 l! F& n8 O, ~R4(config-router)#do show ip vrf
& b6 a% I% h7 ?* n8 U ` Name Default RD Interfaces
2 n6 x& m5 K" u' O& l, i* T2 P site-a 10:20 Se1/0
+ t/ n" ^* K9 Y! s* tR4(config-router)#1 F3 T( j9 j% o' x/ T* R
R4(config-router)#address-family ipv4 vrf site-a9 o. |/ r' z' A# f
R4(config-router-af)#redistribute ospf 101 vrf site-a match internal external 1 external 2
^% p4 s; V' N5 f6 ?' lR4(config-router-af)#exit* p& q7 u+ x, h" S& X1 f3 L" b8 I9 N
//命令补全后,检查IP VRF的RT是否配置正确。0 J: G" W0 t0 p" t: d: W
R4#show run | be ip vrf' u& Y3 b) Z B' T- O
ip vrf site-a7 p+ @9 L& t- Y( U2 L
rd 10:20$ x' q1 ^* v/ S! ~. P3 I' I* ~
route-target export 10:20$ W3 V6 U7 Q) \; T2 g6 f
route-target import 10:20 _, G* b R7 j/ t- Z
!( T. R, b) e2 R' P t& x' c+ a
!3 _: e) ]* M+ ~, L; c0 p
ipv6 unicast-routing) g" c) m5 d5 s) I |6 k
mpls label protocol tdp
. K/ k1 x5 U" e- K* R//R4的VRF目前只对自己的信息会进行接收和转发,我们应该增加对R5的数据感兴趣。! x" ?! v1 H# r$ z, v
R5#show run | be site-a
2 |% H6 C( Z. E( l/ I3 gip vrf site-a, E2 A; P9 E+ Z* E$ [
rd 10:105 f5 X4 r2 n# X/ k$ l
route-target export 10:10
7 ?' K9 h6 p& f/ b/ e$ ] route-target import 10:10% n1 c# E8 A/ }
route-target import 10:20
/ `, l" H% J4 y: N8 e( F5 rR4(config)#ip vrf site-a( _- i8 {/ K1 u ~) ^* B j
R4(config-vrf)#route-target import 10:10' i2 ^6 w6 v, W
//完成后,分别去R20和R8上面查看是否存在对方路由,并且进行测试。# D4 n ~5 K; f& j' @! b% l
R20#show ip route6 V$ x/ J3 c$ X: r: T2 Z b
171.1.0.0/32 is subnetted, 1 subnets8 g0 [* C" c9 L; e
O E2 171.1.1.1 [110/10000] via 172.29.7.1, 00:01:10, Serial0/0% Q2 S* @4 u# ]6 ?+ {
171.2.0.0/32 is subnetted, 1 subnets+ I b0 `+ x! R: j
C 171.2.2.2 is directly connected, Loopback1
3 t! h3 i9 _- ]5 t4 z# t C% j1 W 200.20.20.0/32 is subnetted, 1 subnets
! c; A. A" x5 e/ u! g8 \! VC 200.20.20.20 is directly connected, Loopback10; @5 ~4 y% o( e5 f
172.14.0.0/30 is subnetted, 1 subnets: m: ^: m0 ^, U8 ^. y; `$ C
C 172.14.9.0 is directly connected, Ethernet1/1
% w7 i( a2 z: G8 A/ W, V* I 172.29.0.0/30 is subnetted, 2 subnets
" d, ?! z5 W" I# F d$ q8 FC 172.29.7.4 is directly connected, Ethernet1/0
- L- I; e* ^/ S; i) B* c pC 172.29.7.0 is directly connected, Serial0/0' e6 h' M" x% `& V" O( F
10.0.0.0/8 is variably subnetted, 10 subnets, 2 masks
9 N7 o( B. @* t9 x Z4 }! CO IA 10.10.10.8/30 [110/94] via 172.29.7.1, 00:01:15, Serial0/0
; w# K3 h& M. U) L }O IA 10.1.1.8/32 [110/75] via 172.29.7.1, 00:01:16, Serial0/09 L1 ?9 `; G- o1 h- @- M) b: f
O IA 10.10.10.0/30 [110/94] via 172.29.7.1, 00:01:16, Serial0/0, x. ?) f: f( a0 A" ]- P \9 u' R+ e
O IA 10.1.1.7/32 [110/85] via 172.29.7.1, 00:01:16, Serial0/0- _( q, O3 v, X/ |
O IA 10.10.10.4/30 [110/65] via 172.29.7.1, 00:01:16, Serial0/06 K6 @1 a! \- ~ x& _7 U: ^; ?
O IA 10.10.10.24/30 [110/84] via 172.29.7.1, 00:01:16, Serial0/0
: G$ g4 J( E9 e5 w2 FO IA 10.10.10.16/30 [110/94] via 172.29.7.1, 00:01:16, Serial0/0
, t- q" Z0 f0 {# DO IA 10.10.10.20/30 [110/84] via 172.29.7.1, 00:01:16, Serial0/0
7 ~1 @& V8 ?7 LC 10.1.1.20/32 is directly connected, Loopback0
+ }3 X" Y, F$ WO IA 10.10.10.32/30 [110/84] via 172.29.7.1, 00:01:16, Serial0/0
& C/ D0 o9 o5 u# J# NR20#ping 10.1.1.8
5 p! p' f9 I; T: j2 x5 cType escape sequence to abort.
1 q% t3 Q- g3 h/ hSending 5, 100-byte ICMP Echos to 10.1.1.8, timeout is 2 seconds:
3 ]: V! q& _5 j& ^: ~.....+ f$ U ^9 U2 |' C. l
Success rate is 0 percent (0/5)
) y* {, u! b5 l9 c; q$ XR20#( Y: e+ L5 e. g) H o) ~" X& N
R8#show ip route
* g( m: r0 @8 I& k+ C* } f 1.0.0.0/30 is subnetted, 1 subnets, F6 l6 T: Y/ V0 x* B
O E1 1.1.10.0 [110/30] via 10.10.10.26, 00:10:36, Ethernet0/3( B! w" @; o% j1 ~2 z7 m
171.1.0.0/32 is subnetted, 1 subnets
+ F% z% a m6 w2 GC 171.1.1.1 is directly connected, Loopback1
1 Q# c. G8 _' l2 i5 E 171.2.0.0/32 is subnetted, 1 subnets
) U# \) p, i F- E+ Q* z9 CO E2 171.2.2.2 [110/20] via 10.10.10.26, 00:10:36, Ethernet0/3& k; r5 l( R1 ?1 u& n8 G
200.20.20.0/32 is subnetted, 1 subnets
7 x6 Q" U9 V$ k/ ?8 ]2 O8 ~: YO IA 200.20.20.20 [110/20] via 10.10.10.5, 00:10:41, Ethernet0/22 E o7 e! f' C, x: ~2 p3 u
172.14.0.0/30 is subnetted, 1 subnets# R! P1 D9 a9 n7 q
O IA 172.14.9.0 [110/20] via 10.10.10.5, 00:10:41, Ethernet0/2
4 }& } p4 P9 C; o, b 172.29.0.0/30 is subnetted, 2 subnets, i+ b$ Z& p" M1 Z
O IA 172.29.7.4 [110/20] via 10.10.10.5, 00:10:41, Ethernet0/25 l4 n F. a4 H/ {9 Z
O IA 172.29.7.0 [110/20] via 10.10.10.5, 00:10:41, Ethernet0/2
/ h6 w1 U) m4 q6 { j9 C 10.0.0.0/8 is variably subnetted, 11 subnets, 2 masks
, e$ m4 W0 y$ P0 N0 G! X" zO 10.10.10.8/30 [110/20] via 10.10.10.26, 00:44:38, Ethernet0/34 W1 Q; P2 @4 Z! |8 T2 R
C 10.1.1.8/32 is directly connected, Loopback0
& a) A8 a% @7 |; B. E0 ~9 CO E1 10.1.1.15/32 [110/30] via 10.10.10.26, 00:10:37, Ethernet0/3
- T: X7 O$ v2 i" VO IA 10.10.10.0/30 [110/20] via 10.10.10.26, 00:44:38, Ethernet0/3: I* o, M n# E9 v+ `; r- G$ j
O 10.1.1.7/32 [110/11] via 10.10.10.26, 00:44:38, Ethernet0/35 {8 a/ N% K# c3 e1 M
C 10.10.10.4/30 is directly connected, Ethernet0/2
/ w1 [- q7 @. m# S5 @ ?C 10.10.10.24/30 is directly connected, Ethernet0/3
9 U3 a8 g1 L; r: HO 10.10.10.16/30 [110/20] via 10.10.10.26, 00:44:38, Ethernet0/3& {$ p# O8 g2 } [. Q
C 10.10.10.20/30 is directly connected, Ethernet0/1
* h: X G! W* d: \1 ~: x6 p0 fO IA 10.1.1.20/32 [110/20] via 10.10.10.5, 00:10:42, Ethernet0/2/ b1 M& I" R. V& |, a7 {, l% Q
C 10.10.10.32/30 is directly connected, Ethernet0/0
0 a6 g% j" g0 O- X, i- xR8#ping 10.1.1.20
( B2 a& c2 q w8 d" P" EType escape sequence to abort.
9 @# \! ^/ Z, B' Y2 }- zSending 5, 100-byte ICMP Echos to 10.1.1.20, timeout is 2 seconds:
0 [1 V* a: O P" O$ s.....
+ w; l$ N& y b. j6 USuccess rate is 0 percent (0/5)7 w; p2 [0 D4 F9 }
R8#4 @. n4 @7 j' P( i
//为什么两边的CE设备都已经存在了对方的路由,但是却无法ping通呢?+ W! ~8 L! G6 M5 U
//如果细心的朋友应该留意到我刚刚show的一段命令:mpls label protocol tdp U" a: `9 w5 P& U- A$ \/ z
//这句命令我相信大家都明白,是MPLS的协议类型不匹配,导致无法通信的
; n0 s! x* A4 ]' t/ e" @* ?8 ^" ]R4(config)#mpls label protocol ldp, s6 T- G* K# X5 t3 @, U: ~! A; s3 y
R4(config)#( L- G2 W2 r: h5 v3 I
*Mar 1 00:58:17.463: %LDP-5-NBRCHG: LDP Neighbor 10.1.1.2:0 (1) is UP0 t' `0 n1 q2 q* A# s' T
*Mar 1 00:58:18.835: %LDP-5-NBRCHG: LDP Neighbor 10.1.1.1:0 (2) is UP: e9 J. Z$ ~8 g, f# B/ N
//这时,R4与R1和R2的MPLS 也成功建立起来了,我们再测试一次。
$ j+ R8 O1 q4 q7 {" CR20#ping 10.1.1.8
) k, [% u; Y5 H, K/ ZType escape sequence to abort.7 o8 y& D4 }+ _5 B" F7 E
Sending 5, 100-byte ICMP Echos to 10.1.1.8, timeout is 2 seconds:; K7 ] Q- ^' R& w) z$ a
!!!!!
" O/ [' S7 `1 g$ U$ N4 nSuccess rate is 100 percent (5/5), round-trip min/avg/max = 88/122/184 ms' O' ^9 w1 g2 Y* Z/ Q* {) w t
R20#
6 p" T2 W, K) B# E/ lR8#ping 10.1.1.20
' p8 y& \; `& B; k+ `7 H) pType escape sequence to abort.
" M- I( P3 O+ n/ r( a$ D- fSending 5, 100-byte ICMP Echos to 10.1.1.20, timeout is 2 seconds:- {7 H" c1 n7 g1 [; ]7 I) u
!!!!!
/ p* y/ q, g; E0 J8 L4 D- jSuccess rate is 100 percent (5/5), round-trip min/avg/max = 84/128/156 ms
5 a9 l, B0 q# w, h) q/ FR8#
- F H9 r# S2 s9 A5.IPv6 R8 can NOT ping R4 loopback200 CC1E:1000:100::100, fix it.
9 a3 x( y, b4 Q: I* e# v" J* m! iR4(config-if)#do show ipv6 route
- p+ M2 N4 ?6 o- h) s# {9 ?7 FIPv6 Routing Table - 10 entries
4 d( ?! l- Z0 |& P, ZC 12::/64 [0/0]
7 Z8 b$ m* U0 J7 I! F2 R+ e% c via ::, Serial1/0. l& y" m* v- {% m
L 12::2/128 [0/0]/ g7 p/ A1 Z/ ]' a/ x& U
via ::, Serial1/0
+ Q9 U0 T" X" F, v8 cC 13::/64 [0/0]
& E: u, }# V5 r8 [% o via ::, Ethernet0/1
1 x# J6 h) j0 y4 _; \2 hL 13::1/128 [0/0]
4 ]* \4 _% O- r8 m via ::, Ethernet0/1/ ~ E/ p3 t6 N6 Y
C 14::/64 [0/0]
; G( g! R0 r5 @+ ] via ::, Ethernet0/2: V2 N+ M6 P6 @. x9 {
L 14::1/128 [0/0]2 g, K$ a: P6 k/ c
via ::, Ethernet0/29 D: z" R1 ^4 m4 ]% z. ~# |" j+ e
C CC1E:1000:100::/64 [0/0]; }* z* I0 N* F+ E- c: W ^
via ::, Loopback200) _# V# g- ~: y& c1 q* J
L CC1E:1000:100::100/128 [0/0]/ F/ b6 ?7 U+ a
via ::, Loopback2009 m. w8 R8 k/ n+ y# ]
L FE80::/10 [0/0]+ z- D+ z$ w2 b( L$ p! U8 [6 ~
via ::, Null04 ^4 g4 B! |- w8 A
L FF00::/8 [0/0]
3 E# y8 C0 P& v+ Y via ::, Null0
4 l/ ^, d0 n- Z; f) r$ ?6 E( {2 x//只有直连路由和本地路由,查看R4是否加入到IPV6的协议中。3 ]. X5 P: I. |& n+ x3 o4 d& R
R4(config-if)#do show ipv6 pro$ J% y3 z- c8 V# ?. u
IPv6 Routing Protocol is "connected"; N0 G. ^6 F+ A0 d2 R& K
IPv6 Routing Protocol is "static"( I _0 q; J! f* l J0 B
IPv6 Routing Protocol is "ospf 11"' R: N3 C2 z; ]4 j& Z
Interfaces (Area 0):. L1 Z9 f; `5 \& a6 s- Y
Serial1/0: l4 I& o% |6 X; S9 k1 H! ~
Ethernet0/2
( y( E& o4 B n# |+ h* P5 D Redistribution:
1 q7 y) r9 ^7 ^' @9 P None9 b; \- W+ f1 ]7 G- J5 o
IPv6 Routing Protocol is "bgp 3"
3 K' d8 Q/ n( V$ U3 L& t7 k3 F IGP synchronization is disabled# b& y2 _& j7 M1 u" o
Redistribution:! T/ O$ X3 M7 q
None6 x; Z% G" c8 Z0 S' I5 e% x# E
IPv6 Routing Protocol is "bgp multicast"( \. u% S* ^6 l7 K3 F# E
IGP synchronization is disabled- Z6 X3 h2 U. D7 I2 K7 {
Redistribution:
" m* m7 h( Y1 ?% _" S* m H None
% l B. Y5 y* `' J! S& OR4(config-if)#
* {# n+ N' j/ P+ m- S//IPv6运行了OSPF 11,并且在端口E0/2发布进了OSPF
3 f& U7 o1 z6 a8 c5 [4 ^" b% }# S' ?+ pR4(config-if)#do show run int e0/2
9 N% F/ K. q$ e; C; d }, Vinterface Ethernet0/2# P+ p0 m& _0 }* u# j
ip address 172.14.8.30 255.255.255.252. c9 V1 c/ {" Q+ O% I. ^: E7 r
ip ospf message-digest-key 1 md5 cisco8 F2 Y8 o# I0 l) x) S
half-duplex
* o) C/ x/ e/ E0 `: G% B+ g ipv6 address 14::1/64
) Z) S4 q& `7 r. O2 A- @+ ~ ipv6 ospf 11 area 0- k9 Q1 \' K: @4 ~! e
mpls ip6 p% t8 T/ @" Q, A1 s! n& F
end
) q( g! ?4 P, j/ P//沿路查看所有的IPV6信息. ^9 T$ C4 _$ Z8 P( `
R1#show run int e0/1
, S# P) g$ x" c' A$ P ipv6 address 13::2/64
& f- R" y3 H" ^+ R8 S; |& i4 Cend
$ D$ F' Z: t p1 K% m& b; N6 ~R2#show run int e0/26 b1 b' C1 |( V9 _3 n
ipv6 address 14::2/64
" X1 K! Z0 L6 r+ P' Y4 Yend
$ i8 `4 e8 C% c4 p/ F t//R1和R2的IPv6端口信息1 k& A Y4 S: u1 Q& L! P
R1(config)#ipv6 unicast-routing
+ ^0 K. _ Y: Z, A4 y$ ^- U, b8 {R1(config)#int e0/1
6 Y l& H; \+ E+ i4 U- ]6 bR1(config-if)#ipv6 ospf 11 area 0
$ y+ f1 V$ |' q# P7 ]6 B& xR1(config-if)#9 i0 T6 A7 U. J& K
R2(config)#ipv6 unicast-routing
( A: U, } D- u$ jR2(config)#int e0/28 r3 u( Q- c7 E+ W. M/ A# h( l' a
R2(config-if)#ipv6 ospf 11 area 0& ]0 N0 M7 Q9 ]; D' e! ~
R2(config-if)#' c% F- y5 J) @+ c0 @/ P. u. k1 `
*Mar 1 01:21:47.119: %OSPFv3-5-ADJCHG: Process 11, Nbr 172.1.1.4 on Ethernet0/2 from LOADING to FULL, Loading Done
4 [) i/ H- H8 G9 d2 ~2 ?4 L//在接口简单的配置完IPv6OSPF命令后,R2和R4建立了OSPFv3邻居,但是R1没有和R4建立OSPFv3邻居。8 g( s: O) B5 h$ t& `
//去连接R1的R4e0/1接口上看看。
5 V% e7 P" X, Q. s3 F3 v; n6 [4 h2 q' BR4(config)#do show run int e0/1
( S. @9 E+ ~" w/ Qinterface Ethernet0/15 i- [* b7 M. f9 u' ~) H
ip address 172.14.8.10 255.255.255.252
) ?; p: V1 j+ o8 V- M ip ospf message-digest-key 1 md5 cisco
' [$ n* v- p$ t- K7 Z half-duplex
" s! e: ?$ L9 j; b& l$ M ipv6 address 13::1/64' m% t1 Y C- ^" r( Y
mpls ip
' m) [3 m+ j9 ^; z( k8 a$ X//R4的e0/1也漏打了命令,补充完整。/ l6 N. g2 m( i9 ?0 S
R4(config-if)#int e0/1, L& D# N& a8 f2 K$ y. s( j
R4(config-if)#ipv6 ospf 11 area 0
+ }% B% t1 r( cR4(config-if)#
4 r( m/ q0 s+ ^ R1 J' s4 u*Mar 1 01:28:25.979: %OSPFv3-5-ADJCHG: Process 11, Nbr 10.1.1.1 on Ethernet0/1 from LOADING to FULL, Loading Done$ |6 I- [( |" c/ w. o5 u5 |5 ~. H1 |
//继续往下一段链路检查* K" o. b) v: Q2 r, T
R1#show run inte0/0
% s. s. A3 k, V& V% `" r: J7 x G& Q7 X ipv6 address 15::1/649 j/ |! m$ i1 r- j$ u" ~
ipv6 ospf 11 area 1( c' S$ i6 w* M, x3 D) E! c* J' E
mpls ip* W$ V7 P, A$ t; w4 h+ G
end. h& ]0 K! y/ O8 [
R2#show run int e0/3
2 v0 I' ?$ o, ^1 ? ipv6 address 16::1/64
$ w+ A; J0 Z4 O8 q" xend3 W- j. n2 m( R. M( m
//参考R1,并把R2的e0/3接口命令补充完整。
& M; g/ ?' c) I8 XR5#show run int e0/06 P1 P, ]0 M; `9 n
ipv6 address 15::2/64# o' H5 D3 A$ Z2 j+ M1 C% m
ipv6 ospf 11 area 1
# I$ R1 _' o* w! L Z: o5 l mpls ip
8 ^" t0 U4 t/ H" d$ L3 ?7 L, ~end
) S: v% S) F- ]) \" s0 [R5#show run int e0/30 W3 q5 L; I; G
ipv6 address 16::2/64. I1 K! H& }' [
mpls ip5 H* X8 o3 @8 a# x( b
end0 r* g5 I& s: W, A4 t* Z
R5(config)#int e0/3) D5 V* a6 U) g1 i- U8 Q% S
R5(config-if)#ipv6 ospf 11 area 1
* [- O) {" T8 mR5(config-if)#+ ?! m6 R, p* p4 W4 \
*Mar 1 01:33:05.923: %OSPFv3-5-ADJCHG: Process 11, Nbr 10.1.1.2 on Ethernet0/3 from LOADING to FULL, Loading Done
5 [/ c( F8 G, L# t4 Z, `: m6 hR5(config-if)#do show run int e0/2
; J- N7 |# b, o3 j; D ipv6 address 17::1/64
2 U7 }6 A; z2 G |% r) R# I ipv6 ospf 11 area 1
; ~! @- G% T5 w; T& p1 ]: }$ Q( lend
* p: n/ ?$ _" B//R5同上
4 c% \9 p) B( E h! N& ?- E2 ]R8#show run int e0/2+ W6 w* V- f* B& I- ?
ipv6 address 17::2/64
3 A6 v7 G: l0 j3 H0 O% A$ b ipv6 ospf 11 area 1, m, L3 E. I6 L& t' S. y3 ^3 f5 B
end) ]2 A) j/ b9 ?* `' G; h, N
//当查看完R8的端口后,发现基本命令都补充完整。接下来查看是否有收到IPv6路由。: t( n& f- X4 A
R8#show ipv6 route
. v( I/ @5 B8 e. ?+ R/ S- y1 I! E5 L/ cIPv6 Routing Table - 9 entries
: I* u# [% u# J. g' ]8 YOI 12::/64 [110/94]) g8 J0 h C1 j" I, h
via FE80::CE0C FF:FEA8:2, Ethernet0/2
) A" ~6 X5 r/ d/ d% ~OI 13::/64 [110/30]( U3 U. s7 b, W
via FE80::CE0CFF:FEA8:2, Ethernet0/2: ~2 j4 m8 F9 q0 Z
OI 14::/64 [110/30]
( Q: p$ W& q/ | via FE80::CE0CFF:FEA8:2, Ethernet0/2
9 w, s" ~$ N2 Q$ V1 T8 oO 15::/64 [110/20]+ [# y; P0 Y2 Q* T9 ]
via FE80::CE0CFF:FEA8:2, Ethernet0/26 H& w' \/ V: }# D
O 16::/64 [110/20]$ ~3 N0 y! L/ c- L" E
via FE80::CE0CFF:FEA8:2, Ethernet0/2
) w% |: H: j2 tC 17::/64 [0/0]
0 l: u2 G% }' u+ G via ::, Ethernet0/2
' q" |- p( H5 z7 I9 K/ tL 17::2/128 [0/0]
0 g" A$ M; Z. p d6 U via ::, Ethernet0/2) C' f6 V$ S2 H6 r" }0 L
OI CC1E:1000:100::100/128 [110/30]! V( H% q3 [ E5 i
via FE80::CE0CFF:FEA8:2, Ethernet0/2
* ]$ d, M, p8 T- O. Y, s0 z) DL FE80::/10 [0/0]
+ g; @# P; e" z( r6 W via ::, Null0; {; z. }( x8 ~, p. |; r$ d
L FF00::/8 [0/0]
: ? t9 C2 g! j, M8 M* W0 l via ::, Null07 {/ t) e4 ]" Q! x& J
R8#
9 y0 m. {0 J- i3 Z1 N+ O//R8已经收到R4的两个分别连接R1和R2的端口的IPv6路由以及R4Loopback200的信息。& e# T8 V% `" `, N5 L3 h1 G
R8#ping 13::1
) x2 n" R6 v( J- T- fType escape sequence to abort.
& n8 M9 A+ d7 ?# F ?, g5 ASending 5, 100-byte ICMP Echos to 13::1, timeout is 2 seconds: f# |) x8 R/ k8 j' Q/ b
!!!!!
: s7 o' J2 m# G6 K8 k' fSuccess rate is 100 percent (5/5), round-trip min/avg/max = 48/120/256 ms
. s6 f" f/ J+ @- t+ |) E8 L8 w6 mR8#ping CC1E:1000:100::100
, k1 x- s* T+ h0 _- w9 v7 ^Type escape sequence to abort.% M+ q5 L# e" P6 ]! W, W
Sending 5, 100-byte ICMP Echos to CC1E:1000:100::100, timeout is 2 seconds:* E8 |8 m; L) K0 l7 [
!!!!!
A: v) }5 U1 U9 h$ [3 ]Success rate is 100 percent (5/5), round-trip min/avg/max = 68/85/120 ms% c. T4 } B# Z; h; D
R8#
! I# Q- c$ `+ d1 F z& f6 J; P: d5.R22 and R23 can NOT established ospf neighbor.5 S1 X2 ?. ]4 L
R22#show fram map1 ]+ o' Q( C. y7 W; n0 G
Serial1/0 (up): ip 172.14.9.1 dlci 22(0x16,0x460), static,7 g) ?0 n& P- E% s
CISCO, status defined, active2 k6 n6 q. {3 W: @8 j+ ^6 d
Serial1/0 (up): ip 172.14.9.2 dlci 23(0x17,0x470), static,
5 L6 r5 G1 k9 \8 ~ CISCO, status deleted
/ N. E; S- G; }& `+ d$ KR22#! d6 R% t" K$ i: E$ U
//因为中间有个帧中继,所以出现问题先查看帧中继链路是否正常。! w# N0 ~! R: F9 a: i" k# ^
//从show fram map 就可以发现R22的邻居172.14.9.2 的DLCI错误。1 v5 {6 y" Y# k$ D" S3 c( v
R22#show run int s1/09 L: ?8 e0 h7 @
interface Serial1/0, x; r& t8 U" P6 C( v
ip address 172.14.9.1 255.255.255.2527 A5 x/ d: a) B3 b+ }# A6 ?9 d1 w
encapsulation frame-relay3 k0 X1 x4 W( _: V/ k
ip ospf authentication message-digest
* V% H; c6 W6 @9 _( ~: h ip ospf message-digest-key 1 md5 cisco/ O3 |1 @6 L4 L Y- N. Q
ip ospf network point-to-point
6 B0 c4 h1 k4 Y$ L4 C serial restart-delay 04 J ?; |/ c" r8 s" C- @& r
no arp frame-relay; Q' M' W: Y8 `9 \6 u5 g
frame-relay map ip 172.14.9.1 22
$ r4 E! R; a6 D& ]2 p frame-relay map ip 172.14.9.2 23
0 N( J( c/ a# j+ {4 c7 h& d* q$ j no frame-relay inverse-arp
# n- w) B4 Z. c1 ^9 P: l: R frame-relay lmi-type cisco
# c, ~$ S: B" L( _7 D; E5 ?end
% p Z# X3 Y+ s5 @5 |//帧中继链路关闭了自动映射,所以要手工配置。
( ?0 m- e/ h, E( |# l6 k//输入的是本地DLCI号,以及修改成广播方式学习。7 @4 Q! h+ B( j+ V/ g
R22(config-if)#no frame-relay map ip 172.14.9.2 23* Y* X; L1 E4 x8 P5 _$ S% F- q
R22(config-if)#frame-relay map ip 172.14.9.1 22 bro2 J# L9 B; [. \) V6 f8 \# |
R22(config-if)#frame-relay map ip 172.14.9.2 22 bro9 c) X- l* n0 t' `
R22(config-if)#
- O/ n- j% {9 n# T//R22修改完成后去R23上进行同样的配置。8 T! t, |) y2 c1 t4 I' `$ p
R23#show run int s0/0
- @$ I" q/ i& b* Z; Minterface Serial0/0
6 x/ c7 P4 e# g; j i( Q ip address 172.14.9.2 255.255.255.252( ]; L. x1 {' c$ {8 s; g' x
encapsulation frame-relay
5 w! g$ e9 ~6 D* {, Y! p* R ip ospf authentication message-digest0 {% ^8 E; h6 [4 n. z
ip ospf message-digest-key 1 md5 cisco
6 Z+ J# u8 w7 K3 @. @ ip ospf network point-to-point( {& i' ^9 o- X5 N5 Y8 L
serial restart-delay 02 c' {0 ^' W' \
no arp frame-relay; g1 ~9 P) Y/ g9 ?) {* B8 e* C: d
frame-relay map ip 172.14.9.1 22 broadcast1 Z9 l! _& z% v; k( D
no frame-relay inverse-arp
. D- N) X* e' }( v7 X: g, g7 w/ a7 n frame-relay lmi-type cisco/ @' C' F4 {1 Q/ k( [- ?' g
end2 q% R6 X* M* h, h& w
//本地DLCI号配错,并且少了自己的帧中继映射表。
f i- R3 v* P0 |- f" w//插播:为什么要配置自己的地址?
* o' [' I4 [ K6 l3 M 因为帧中继链路如果想ping通自己的地址,则需要把数据包发送给对方再返回,4 }; f: N$ M& n5 z4 K4 g/ u
在没有配置映射表的时候,数据包不知道这个没封装的包要如何发送,所以会失效。
1 |; N3 Z+ @+ B8 A" x: i$ WR23(config)#int s0/0
' \+ S/ T6 u' c9 @# E. p, hR23(config-if)#no frame-relay map ip 172.14.9.1 22 broadcast. Y. x" L) D. `5 K; d
R23(config-if)#frame-relay map ip 172.14.9.1 23 broadcast. Z0 E) ]( b, t1 |, S1 m7 ~' P
R23(config-if)#frame-relay map ip 172.14.9.2 23 broadcast4 O+ U0 h$ {" a
R23(config-if)#
4 ~" K0 h) _ u*Mar 1 00:16:23.083: %OSPF-5-ADJCHG: Process 100, Nbr 10.1.1.22 on Serial0/0 from LOADING to FULL, Loading Done
* W x. c$ b# H- {; N4 QR23#ping 172.14.9.1$ ]+ Q2 ^( |' S$ Z* e# K
Type escape sequence to abort.
9 z' h# K% i1 f5 |2 mSending 5, 100-byte ICMP Echos to 172.14.9.1, timeout is 2 seconds:
. q6 \5 _0 S0 x+ m!!!!!* K0 I# c) A/ l; J6 c
Success rate is 100 percent (5/5), round-trip min/avg/max = 12/33/64 ms
3 U/ \. H ]. O, C* x; y! m8 V( vR23#ping 172.14.9.2
% ^4 M) f/ m; Q7 ~: F5 s, W6 VType escape sequence to abort.; j: M, H4 a ?- i: x5 h7 z
Sending 5, 100-byte ICMP Echos to 172.14.9.2, timeout is 2 seconds:/ r3 X* Q/ Z/ b+ p' r0 k
!!!!!
' N* a6 E h; D$ {5 }4 u0 lSuccess rate is 100 percent (5/5), round-trip min/avg/max = 48/76/132 ms
5 P( F+ ?' F) N9 K% m8 @: KR23#) J. T6 ^) m9 z
6.Following the diagram, R20 logging in R23 should be NAT, please figure out the questions." m7 U j+ @& `$ t; k- ], l
Pro Inside global Inside local Outside local Outside global
: I Z4 D) W' ltcp 172.14.9.1:18335 172.29.7.5:18335 10.1.1.23:23 10.1.1.23:23# T" d5 z& `/ @/ V
tcp 10.1.1.22:36018 172.29.7.5:36018 10.1.1.23:80 10.1.1.23:809 d/ L1 [+ o7 W. s# z1 P7 o
1 ?$ r$ k) \, ~1 n% }, t# c
//R20登录R23会出现地址转换。从拓扑图中,我们可以知道R22是NAT服务器,我们主要解决的是服务器的问题。/ [0 c- ~4 |( I0 @5 F3 Q3 j4 ~, a
//根据上图,我们可以得到的信息如下:3 s4 H* a: f3 J4 I) p5 A+ S T
R20的e0/1口以上,是内部区域。
1 |: V8 [! Z% f jR20的s1/0口以下,是外部区域。R20的内部本地地址172.29.7.5在通过R22NAT服务器的时候被转换成172.16.12.1来连接到R23的Loopback口的23端口。
$ X5 X2 D! W3 PR20的内部本地地址172.29.7.5在通过R22NAT服务器的时候被转换成10.1.1.22来连接到R23的Loopback口的80端口。
9 m+ W3 S: t+ c0 N1 l3 `R22(config-if)#do show run | be ip nat
" N' N2 m1 o7 T" fip nat pool aa 172.14.9.1 172.14.9.1 prefix-length 24# {) ^+ C; C! {/ ^% r
ip nat inside source route-map b pool bb overload! X' z( S3 d+ J5 l+ |
!- N8 k4 m v1 w! a3 j6 r! D
access-list 100 permit tcp host 172.29.7.5 host 10.1.1.23 eq telnet
# M) q" {) X8 z y! taccess-list 110 permit tcp host 172.29.7.5 host 10.1.1.23 eq www; x; E9 q! J* q
!
2 X; p$ _' F2 b. Hroute-map a permit 109 C: b$ [! @) n* Q: S8 R" v {
match ip address 100
# z& _* \0 a5 \ f!, }$ s2 ~" K5 c) K* H3 C$ W
route-map b permit 10
! |7 ]5 @& d# G2 }8 _$ a3 z!
2 I7 }- b" r U1 Q7 h' x8 x3 Y//在这里我们发现有两条访问控制列表应该被使用,但是目前只使用了一条,包括其他所有的命令我们需要补全它。
# i9 B3 N( z( g1 H% sR22(config)#ip nat inside source route-map a pool aa overload. U* s1 w8 X3 g. L4 d7 o* Z
R22(config)#ip nat pool bb 10.1.1.20 10.1.1.20 prefix-length 24
0 O# a+ ?- R6 T6 y- y; I' o. lR22(config)#route-map b permit 10; d" {- F+ ^; j5 q# q% A
R22(config-route-map)#match ip address 110
/ u7 X! R) g8 g; Z. d) K _2 V* {: oR22(config-route-map)#exit
: T" y% Z' `& Q. _//完成后在R20上尝试是否能登录过去: `+ H! L y0 L! e/ Q
R20#telnet 10.1.1.23 23/ m8 h$ ?6 z/ C" T. N
Trying 10.1.1.23 ... Open: _1 ]& b; v8 J$ r% {
User Access Verification
0 O6 g$ u% X, A r2 r2 [Password:
9 l# ]! C+ M# I. ]" n4 HR23>exit
; g3 f/ k, }2 d7 U! z: b6 A; AR20#telnet 10.1.1.23 80" z% W( n! Q. b, A4 \
Trying 10.1.1.23, 80 ... Open8 k7 c7 e' d) y" {. `5 W
exit1 F) y& U, v- y3 g5 n9 x7 ^9 f
HTTP/1.1 400 Bad Request
+ L5 f1 e7 _3 q% m6 DDate: Fri, 01 Mar 2002 00:06:38 GMT
# F, F* q' a* }1 T5 ?. IServer: cisco-IOS6 Q2 a0 m5 Z+ k1 _2 H
Accept-Ranges: none
% A* z7 ^2 `6 P' l2 M400 Bad Request' {" z4 i, H% T, M3 s
[Connection to 10.1.1.23 closed by foreign host]" v( e: N# z6 E- v( d" Z6 _. f
R20#
2 W! |, m* k0 z1 N5 b* ?7 M- d* [3 m//在R20上测试完后,我们去查看一下R22NAT的转换表
' }0 H+ S( U" X( nR22(config)#do show ip nat tra4 J7 [# M; [$ A! |
R22(config)#
$ n M% p8 f: G4 b1 X//转换表是空的。去检查一下接口是否启用了ip nat inside & outside5 D2 P' R6 N; ~- @1 g- k
R22(config)#do show run int e0/1
- R6 n w, [( Q+ ~ ip address 172.29.7.6 255.255.255.252
" F5 _" R3 d, O+ |2 {9 T half-duplex
1 j' i# z: ]( B# Pend
" u8 {6 s; Q2 r3 _1 C2 a" sR22#! [3 z& | j, o; q
//把两边的端口同时进行补全。- |! b) ]: d6 P: x7 Z
R22(config)#int e0/1
* V0 @+ O5 p, J4 q; p9 C0 U6 |R22(config-if)#ip nat inside9 t( Y' Z2 ]! G8 _. w
R22(config-if)#int s1/0- Q9 Q0 K7 ]$ } S/ S, f8 o1 V
R22(config-if)#ip nat outside# t8 d. G8 n/ _8 W
//完成后测试
/ O: i5 w2 ?8 b/ Z! SR20#telnet 10.1.1.23 809 {" ^; M s& n3 x2 Y( f& m& y
Trying 10.1.1.23, 80 ... Open
9 {% m9 H8 o: m3 |$ rexit
2 \3 s, [; g8 [. Q: R' L0 fHTTP/1.1 400 Bad Request! w, V' Q( ^5 u- _! C. ~
Date: Fri, 01 Mar 2002 00:08:37 GMT% n. o) w+ l' G- A0 r
Server: cisco-IOS' Q8 w" s% c, X) I7 Z5 c/ M% i
Accept-Ranges: none M" q& a: m* R; R# S3 C* B. d# j
400 Bad Request
: Y/ Q$ j. B+ \3 Y7 e M[Connection to 10.1.1.23 closed by foreign host]/ J1 o6 u$ z4 f2 e" T
R20#telnet 10.1.1.23 23
3 p, s" D h8 P3 eTrying 10.1.1.23 ... Open0 Y% q/ _& H* z* i: V* ]; J
/ Z9 c* `3 @& a V5 x2 H# L8 ?
User Access Verification0 e- i/ L3 s! O# m# [8 S
Password:
3 `8 A0 v; _8 K, Q' \R23>exit
1 |$ R$ w. W5 G( y' k[Connection to 10.1.1.23 closed by foreign host]! p* |/ I; b2 y$ m9 o
R20#+ S; W* t# E$ [% N/ q# I3 h
//测试方法: b0 S0 y' }' D3 T4 Q9 T# _% [
R22(config)#do show ip nat tra# E& v1 e* G& K! o- T, t. q
Pro Inside global Inside local Outside local Outside global4 F% Y n+ u# R1 }; t [
tcp 172.14.9.1:22209 172.29.7.5:22209 10.1.1.23:23 10.1.1.23:23
$ i( C- [- j$ z0 t, Ptcp 10.1.1.22:56248 172.29.7.5:56248 10.1.1.23:80 10.1.1.23:80
& L. }* o2 q. Q( D( [R22(config)#
! U( p4 i6 i9 D+ A4 k! i//结果输出
3 |% b& ?: [; h. C4 ]% v/ Z7.touch off the EEM run when the R27 ethernet0/0 administration down.6 f0 p9 L9 M C6 W# |
//这题的要求是当R27的e0/0手动shutdown之后,触发EEM执行no shutdown命令。& E5 t+ q+ r- u
//首先我们可以先要知道手动shutdown了E0/0后的命令是什么。9 t# X: J4 {7 Z) B
R27#show run | be event man
5 ?* s( E, D% M9 Zevent manager applet xx1 r R( z3 ~$ e
event syslog pattern "down down down down"
A! Z1 T7 a' c! {' ?. I action 1 cli command "enable"; X# ]# K9 h$ N0 @# Z& C/ M; q
action 2 cli command "config ter"
?' u5 D8 f# s$ y action 3 cli command "int lo0"
& R3 k0 c8 G( ~) [* W action 4 cli command "no shut" Q0 A' g0 T3 l" V
!
- r0 x, o6 e) @0 V- Zend
2 o4 v, r9 X- x& U//这段EEM有有两个错误,一个是截取的内容,一个是进入的端口。
0 S5 S* ~: _1 c+ I- ~R27(config)#int e0/0
& Y0 B+ ?8 w# _R27(config-if)#shut
) |4 l0 ^' K! N) H) {9 E2 bR27(config-if)#- M, @; w) }6 m0 O" L$ f9 W
*Mar 1 00:04:44.379: %LINK-5-CHANGED: Interface Ethernet0/0, changed state to administratively down8 P, P+ g$ s0 B8 @
//我们要引用上面一句话,所以通过这个方式来提取信息是最安全的。7 Z5 }6 Q$ ?1 F8 f. E2 B
R27(config-applet)#no event syslog pattern "down down down down"% f- r+ {( n B$ w0 p* V; v" B; L
R27(config-applet)#event syslog pattern " Interface Ethernet0/0, changed state to administratively down"6 V* t1 l5 r! L; x- i
R27(config-applet)#no action 3 cli command "int lo0"/ a" N$ S* F0 o: u: n: K) P
R27(config-applet)#action 2.1 cli command "interface ethernet0/0"
* a: V4 L4 A- N8 F' _; Z//输入完后要no shutdown端口才能生效。/ A2 B; ]" h; L# x
//接下来,我们进行测试。( r+ ^. }! ]! e. @
R27(config-if)#shut
/ j9 q; p: @3 }# \R27(config-if)#* D0 ~# m6 F# _
*Mar 1 00:12:40.283: %LINK-5-CHANGED: Interface Ethernet0/0, changed state to administratively down) O( |6 }; j; P. W# {
*Mar 1 00:12:40.687: %SYS-5-CONFIG_I: Configured from console by vty0
0 j& P. Q# K4 K. X& S*Mar 1 00:12:42.547: %LINK-3-UPDOWN: Interface Ethernet0/0, changed state to up% h- _, G5 P/ h4 U
R27(config-if)#
9 f6 o; m+ V) W) d8.R20 loopback0 can NOT ping R26 loopback0.
! {; p G$ ~( L6 e0 [1 {" ?0 ~( x//先去R26查看端口的IP地址情况。0 v* c, v4 Q. X- h$ r
R26#show ip int br" V) [# W2 N& `' U7 A
Interface IP-Address OK? Method Status Protocol* W' @ N1 r7 ^9 ]& f; m x
Ethernet0/0 172.14.11.10 YES NVRAM administratively down down
6 Y5 M' q) z. }" Y# i, L8 o& TEthernet0/1 unassigned YES NVRAM administratively down down
- ~" z" K! f: y0 A7 t$ u) DEthernet0/2 unassigned YES NVRAM administratively down down6 t% u* P3 o' B( f. G4 |: f
Ethernet0/3 unassigned YES NVRAM administratively down down
B8 ]7 m9 q( [7 B% i4 W$ C- ^Loopback0 10.1.1.26 YES NVRAM up up
8 M! n7 C2 W) J' ` c# D4 Y: lLoopback100 198.168.20.1 YES NVRAM up up
+ j" O3 H8 q1 Z! R: a( }% YR26#! ?& X0 Q) Y5 j! a+ d2 @
//把E0/0端口打开。, k3 j# y- l6 d
R20#ping 10.1.1.266 E- b) U2 d- C) c
Type escape sequence to abort.' w) E$ }: n, c( O* D
Sending 5, 100-byte ICMP Echos to 10.1.1.26, timeout is 2 seconds:
6 ?! C8 R x6 O* m0 m ^1 D% M!!!!!
! a% d( x& K! b8 b4 b/ CSuccess rate is 100 percent (5/5), round-trip min/avg/max = 56/72/104 ms: Z6 q0 n5 e: `- u
R20#
) L- @! a C4 v6 s! lR26(config)#do show run | be r o
, p0 U9 p5 w9 u" W0 @: erouter ospf 100. R, L3 ~( p7 f+ @3 ^" O, [
log-adjacency-changes/ L' L4 w3 K+ q( r
area 1 authentication message-digest! i. n. F! O2 [5 s% t9 B
area 1 nssa
+ T7 W. Q3 ]+ D: W1 o redistribute rip subnets route-map conn1 R$ W/ Q( J" R+ c9 U8 n
network 10.1.1.26 0.0.0.0 area 1
9 l, V z& ^, ?7 h9 N7 R network 172.14.11.10 0.0.0.0 area 1
+ N, u: M: Q- M% k. d s' groute-map conn permit 102 O. r* L% B0 a3 g
match interface Ethernet0/2; t* n1 ^# i* s
//RIP重发布进OPSF匹配了route-map,解决方法可以把Loopback地址加进去,或者把route-map删除。
. A6 r( A1 Z4 r4 yR26(config)#route-map conn permit 206 l2 O: r/ b# { `" I: R
R26(config-route-map)#match int loopback 100
1 @/ `# l$ Z0 Z' }R26(config-route-map)#exit" D% X1 W" k5 A, y2 r5 {3 r
R20#show ip route | in O E2% e# T" F1 v2 F7 Z' a9 p% U9 j- T
O E2 198.168.20.0 [110/20] via 172.14.9.2, 00:01:13, Ethernet1/1/ }% p6 @( a; t" t" t# _
R20#! [3 n" O% N b: _
R20#ping 198.168.20.11 y5 x2 O7 I5 t
Type escape sequence to abort.' e/ D A4 k, F& W
Sending 5, 100-byte ICMP Echos to 198.168.20.1, timeout is 2 seconds:
0 F9 Y. M: q- W- x9 [!!!!!
: k9 B& M! z5 W: zSuccess rate is 100 percent (5/5), round-trip min/avg/max = 24/45/100 ms8 J! J1 N- @* U# L& t
R20#
0 l" N' |# l* I, f6 L0 `9.R14 loopback0 can NOT ping R8 loopback0, fix it.; C; c; {3 b& d) R+ ^7 o
这题无法模拟,只有写出问题所在和需要注意的事项,最终参考“成都互联神州 超详细 Francisco” 的战报。: v" B. y2 T7 I) m. i
R14 ------ SW2 ------ SW1 ------ R10 ------ R8 5 [! P4 s1 N) V& U9 l4 v
这是物理拓扑图的连接方式。
( y/ x" I. B# }; D0 V需要注意的事项。
" _7 d+ h/ D! T( U9 o0 n1.VTP domain name (CCIE)5 G4 s) n P0 }+ H7 w
2.VTP password (cisco)
4 ~. {1 Q# U" @9 U3.VTP mode (SW1 Server; SW2 client)
. H6 E0 h# V7 j5 Y4.VTP (version 2)
/ a* A9 }* h5 _$ T: h5.VLAN号是否相同 (114)考试的时候不是这个VLAN号,或者说根本没有
5 t4 S: O: m+ t& N1 p* K2 F! s6.端口是否有加入VLAN* h, ]% m6 j* c! |3 `# |
switchport access vlan 114
" ]6 L# T5 `- F3 Q1 G4 U* v, D switchport mode access
6 ^2 p9 a" B, ^% d7.SW1 和 SW2之间的模式 (trunk)# W- k- D; a3 j8 g7 q* z
switchport trunk encapsulation dot1q
r$ r0 v- Q& E1 G) R switchport mode trunk6 J+ }5 p2 t& Z5 i; D0 E
' g; P- I8 I3 P' D/ w, `10.Match precedence 5 with R11&R12 to R7&R8.: Z' H. i; X% Z) @( \$ u5 A
R9#show run int e0/21 w& m3 Y1 u9 y. K
interface Ethernet0/2
) i" ^! o3 Y' T0 X' [ ip address 10.10.10.29 255.255.255.252
5 }' y+ g/ W7 N rate-limit input 8000 1500 2000 conform-action transmit exceed-action drop
4 W: x! n8 R) C) r8 f ip policy route-map PBR
7 i8 w# }) ?# z7 k( V; x, G+ X half-duplex/ r4 H1 g+ }3 D! k1 v
service-policy output xx% u9 G3 h& d2 y( W$ k
end8 r' X# d& W j% a8 g. |6 M
R9#show run int e0/0
" @& \1 P8 M9 y8 u9 m+ uinterface Ethernet0/0
7 W- B+ q% y! Y0 o; k9 q8 C ip address 10.10.10.37 255.255.255.252
( y6 k# J( j8 d3 \ ip policy route-map PBR
8 G3 t6 Y$ N P4 x# E half-duplex
. f) z. i, n, W7 P$ k' mend1 o& v4 p% g/ y0 U0 K+ t2 \) V
//端口上有流量限制,route-map policy-map的限制0 ?! `0 q6 B1 M% U1 Z! ]* u3 u
//检查各列表的匹配情况
( y5 N, ]6 S; m% B/ E8 o//把所有的配置都完善一下,并且把下一跳限制取消。5 X* v% K4 L5 U# }& q: p$ D9 |
//access-list 100 是匹配 class map ---- policy-map ----- 再应用到接口上
* ]/ s+ r) {* Z. i7 B) r$ A% n对于E0/2的端口,就只是抓R11的路由。$ |8 q9 {& A& C( \
对于E0/0的端口,就只是抓R12的路由。
3 e3 @2 R4 @! o* n# g# W* G这题正常的配置和测试方法应该是:
% `- H$ x: J) ?R9:. R2 t4 v6 D% ]
ip access-list extended R11: P$ ~4 `7 F. J6 f
permit ip 10.1.1.11 host 10.1.1.8 precedence critical
# T T& a l+ t1 x* u4 Q; N permit ip 10.10.10.30 host 10.1.1.8 precedence critical
+ Y$ [9 C/ g. @+ f1 ]! b' X2 y- Z permit ip 10.1.1.11 host 10.1.1.7 precedence critical
. m5 k7 @+ w' K1 R permit ip 10.10.10.30 host 10.1.1.7 precedence critical
" I4 D5 `7 U) b# o6 p5 n8 Q# Pip access-list extended R12, E7 L1 {6 C! P1 X# d# b; p, ], J* I
permit ip 10.1.1.12 host 10.1.1.8 precedence critical
/ A8 s- p% j. G+ d' w& B3 h, } permit ip 10.10.10.38 host 10.1.1.8 precedence critical: m2 ^7 \4 p9 y
permit ip 10.1.1.12 host 10.1.1.7 precedence critical
( ?& J/ K- k/ ]* m* H permit ip 10.10.10.38 host 10.1.1.7 precedence critical1 F! e& r7 M* o. q( }
class-map match-all R11
/ \( ~' [8 T2 N- N I match access-group name R11" R* F2 Y& U2 W# v. l
class-map match-all R12
8 N; {3 G3 k/ W0 g& P% v match access-group name R12/ }" Z7 k3 H/ A: @
policy-map R11
; H2 D0 E# r8 p6 V+ W/ A6 A# U class R11
9 `, u' m5 {2 r% Q- b set ip precedence 5
: S- I7 `5 s# _! mpolicy-map R12
( D( _$ ~. G& W: M3 P, Q: d class R12
" J# F2 h. R, T p( k j2 x set ip precedence 5, U* M& ^ X& [5 k( \# U- H8 X
int e0/2, J6 c" ^! Q( ?1 g
service-policy input R11, Q- c9 x8 J0 x% B9 J
int e0/0* H8 w7 Y& g1 Z7 Z- \0 g1 M* k! ]
service-policy input R12
, w, ^/ A* z$ W# p, ^//配置完后进行扩展ping测试。
U( ?8 r/ r/ [( LR12#ping/ M. `$ z8 h: f2 K- z
Protocol [ip]:
. l, l' d# _* kTarget IP address: 10.1.1.8
4 P8 t1 u/ |; E& zRepeat count [5]:
/ r6 O; U+ u( T8 w1 bDatagram size [100]:
3 a- r# t' j/ F- QTimeout in seconds [2]:9 a) y1 ]0 e. @4 O' B
Extended commands [n]: y
" w. U9 ^$ J. f0 _Source address or interface: 10.10.10.38
0 {- q/ V- _$ gType of service [0]: 160" S4 { e8 `9 H! U/ \! S0 W" C
Set DF bit in IP header? [no]:
( o0 p$ u2 B/ N6 T4 f% c# XValidate reply data? [no]:
) V& w7 r; I+ q2 s; v6 r/ t: B, E. VData pattern [0xABCD]:. i- w; O P6 t; Y
Loose, Strict, Record, Timestamp, Verbose[none]:
. d. K1 m. h; L" T4 m9 aSweep range of sizes [n]:- q, i$ V, ]0 v" F$ a
Type escape sequence to abort.; ~; @% ~4 g* N
Sending 5, 100-byte ICMP Echos to 10.1.1.8, timeout is 2 seconds:
- }7 n5 _5 Y/ y6 r4 b; o* xPacket sent with a source address of 10.10.10.38& I7 [3 W9 D( n* t# d
!!!!!: P8 v2 }$ O$ h* f, O
Success rate is 100 percent (5/5), round-trip min/avg/max = 48/57/80 ms% H5 H/ Y$ C, ?/ F0 r# F1 N* _, X
R12#, n7 z; C& y2 F
R9(config)#do show policy-map int e0/08 Z: W* V# X% r! @( P9 k- u# f
Ethernet0/0
! U T4 E2 b' e v. y- G! N9 y Service-policy input: R12' l9 Z; }, t1 A6 b1 M9 a5 r: @ ?: k
Class-map: R12 (match-all)) H& Y) Z& L/ B% X0 ?9 ?( @
0 packets, 0 bytes4 A( n9 i! G2 }, R1 l& R
5 minute offered rate 0 bps, drop rate 0 bps" a |% t% g2 j4 i
Match: access-group name R12! Q$ k7 p9 y# P1 O
QoS Set
, u+ B" X" m; s precedence 5! |: E( l, W1 A3 Y8 I4 ~* |, O
Packets marked 5
L1 {4 _; h1 c Class-map: class-default (match-any)
; T4 f% B$ E! ` 111 packets, 11298 bytes
X6 q- F C, J u8 I# c4 L 5 minute offered rate 0 bps, drop rate 0 bps
; Q( |# F" ^" o2 { Match: any
, M6 n8 ~# Z8 K' [* B* ?1 r& wR9(config)#
( c; M% f, v! ^$ {) Q, W9 dR9(config-ext-nacl)#do show access-list" S V: H( F! T* C) d4 K
Extended IP access list R12
3 T. t! k: i; v, T' j( O- P; n 10 permit ip host 10.10.10.38 host 10.1.1.8 precedence critical (5 matches)/ U& Q3 |9 V0 N# y' @' ?
20 permit ip host 10.1.1.12 host 10.1.1.8
6 ~# v, y; O7 A M, _ 30 permit ip host 10.10.10.38 host 10.10.10.21
6 F q" |7 K+ I 40 permit ip host 10.1.1.12 host 10.10.10.21) e) H$ o! p/ I
//把剩余的所有IP地址都匹配上,然后进行测试。* V1 R$ J; N& U3 U
4 \2 V; M: ]4 x# u, k0 a0 ]3 x-------------------------------------------------------------------
- o* p$ k/ p$ y6 K& Q+ jcos1 y1 g7 n4 c* Q* U- h3 t6 T
000000 routine (0) 0
# {- m" F l6 [. P+ ~001000 priority (1) 32: X& x0 I7 _ q w* x+ w, N! h
010000 immediate (2) 640 L! R7 Y- d% u
011000 flash (3) 96
$ i ~% y1 l7 Y6 i& s1 ?9 m100000 flash-override (4) 128, k/ V* g- s: v
101000 critical (5) 1601 S: I! S6 l8 b, T
110000 internet (6) 1928 y1 G n% A% l5 g6 u$ V2 |
111000 network (7) 224/ \9 D' s6 D+ J
TOS 前3位) l7 x/ R/ v" H U
DSCP 前4-6位
& K+ _( D8 y0 z. @- I5 [5 Y1 s/ I' y9 g8 o/ F! z0 Z4 |
# V4 U3 m4 K( w" |1 U
" K. \9 ^9 k" r3 w: j1 M' E! Z# X
+ e/ s- ^6 M3 G; l6 f/ I
* ~& u. t, P( I& c$ s7 L8 J" V
: \) T1 V3 B# B& K! G/ h
% Y! H8 R, z$ r7 }, I6 z, ^7 P9 l- T/ J
( l2 \) y; ]% [. A
2 c: u. x! C% I. Z7 J* R
TS2' a2 U) g. R \) i% _% H; d
//部分路由器编号不对应,请参照正确的拓扑来查看。" J$ F6 T% Q( T9 h) S; H& P
1.R31 & R8 should established security BGP neighbor.5 T/ D; m: g; i" z! R) j
//打开路由器后,直接就收到了MD5密码不匹配的消息,查看BGP邻居关系,并查看show run 的BGP密码匹配情况。
2 |/ F7 P" d+ r, ~3 h2 k*Mar 1 00:07:30.379: %TCP-6-BADAUTH: No MD5 digest from 10.1.1.8(179) to 10.1.1.31(45688)
8 L2 z" S. U* _- WRACK30R31#) A, q& f+ Y( `% O: P0 M1 Z0 t
RACK30R31(config)#do show ip bgp summ5 I3 _! h: _3 r) E3 Q
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd0 ?0 V* y# Y8 f" ?8 R7 Q* ?- ~
10.1.1.7 4 200 14 14 2 0 0 00:10:13 1
$ ~$ G% {/ ]0 A w/ V10.1.1.8 4 200 0 0 0 0 0 never Active
: t: w. t* l! x% w2 I' e10.1.1.30 4 200 0 0 0 0 0 never Active
* `) R! ?. F4 X; u! @RACK30R31(config)#
+ T: P% W6 L2 I9 W5 A% y//确认BGP是否无法建立。
/ X# s& k# ~( ?) tRACK30R31(config)#do show run | b r b
3 a+ F4 k r, A# R! y3 Lrouter bgp 200
$ o! Z& q3 T, m% p( T5 W, m no synchronization( g7 N m0 V7 Z$ C5 p P
bgp log-neighbor-changes
# X( w) N" H/ X( L2 g neighbor 10.1.1.7 remote-as 2003 D6 c D: w. {! B
neighbor 10.1.1.7 update-source Loopback0& \( d5 z6 i: H' W; N
neighbor 10.1.1.7 route-reflector-client
Y0 k; O4 w- Y7 | neighbor 10.1.1.8 remote-as 200* B4 ~' U% c$ n2 `
neighbor 10.1.1.8 password cisco8 e, y8 L/ k# \! P4 O) x, \
neighbor 10.1.1.8 update-source Loopback0
6 B( @$ s1 i& O. V neighbor 10.1.1.8 route-reflector-client( G3 `* z7 I! ^8 h9 Z
neighbor 10.1.1.30 remote-as 200" e" U6 p6 }4 \) }! o
neighbor 10.1.1.30 update-source Loopback0" B9 z, N+ _3 }2 y# [; D- g
no auto-summary6 {' y" Z2 Q, z3 `
//R31对邻居R8配置了密码。去R8上查看密码是否匹配。3 f' u. c: m) o3 C
RACK30R8#show run | b r b" T! u* \4 c) m5 e" p0 `" i: e5 V
router bgp 200
; x! W2 K0 t9 ]6 V5 S; ^1 ~ @; ]( q' f no synchronization
/ G) O5 j/ x; E+ n1 k6 B6 h: z bgp log-neighbor-changes
" Q/ N$ J4 [7 y0 ~9 h+ M neighbor 10.1.1.31 remote-as 200
7 X" E! s" q- z l& ^: w4 T0 T* i neighbor 10.1.1.31 update-source Loopback0$ P+ M. F( B8 A( d/ h
neighbor 10.1.1.31 next-hop-self2 S1 d, J2 q4 K: Y3 S( |
neighbor 10.10.89.29 remote-as 300
5 o5 @2 G' R( T6 d no auto-summary
8 P$ X) Q' b" E/ E//R8上没有对R31配置密码,进行配置。$ v9 f" s2 `" \( z" E
RACK30R8(config)#router bgp 200. f" e8 r$ |- T
RACK30R8(config-router)#neighbor 10.1.1.31 password cisco
. u* h2 x1 D5 G. q5 q& N$ K, tRACK30R8(config-router)#3 _5 m$ b2 ], s' o+ ~7 K1 Z7 C& O0 o, D
*Mar 1 00:22:38.127: %BGP-5-ADJCHANGE: neighbor 10.1.1.31 Up. S# U6 W6 J9 P
RACK30R8(config-router)#* o) |5 e. w. r6 t
//基于题目的要求,安全BGP,所以对两台路由器BGP所配置的密码进行加密。
) E* x5 q, b8 F1 k# |RACK30R8(config)#do show run | b r b
" ~; {- f4 W! Frouter bgp 2006 K# d$ V- [$ n+ Q" G8 `% y
no synchronization
& T" @ @- V6 A1 m bgp log-neighbor-changes
! q$ K% j. @: K, z neighbor 10.1.1.31 remote-as 200
- s' p9 A1 B1 N8 E5 Y neighbor 10.1.1.31 password 7 00071A150754
- Z& l- c, `% f6 c neighbor 10.1.1.31 update-source Loopback0. Q1 b! I+ A& Y) t* F0 a$ Q0 R
neighbor 10.1.1.31 next-hop-self# S l9 c3 ^2 o3 n/ X% z
neighbor 10.10.89.29 remote-as 300( B, O/ v. q5 M \
no auto-summary% h5 V n" r+ P) C( n- Q! O
!
7 ~- W4 Y0 B6 ^1 m0 R$ ^6 yRACK30R31(config)#do show run | b r b8 K) m# k& }; t; @
router bgp 2007 O$ A- D3 g5 _, Y' d
no synchronization4 u3 L2 V2 P N
bgp log-neighbor-changes
. @4 s. W7 @ ] neighbor 10.1.1.7 remote-as 200
8 O4 x# u# `' C neighbor 10.1.1.7 update-source Loopback01 n! c$ z* `, y% Q4 @8 z4 D2 j
neighbor 10.1.1.7 route-reflector-client
3 \% C( F* i3 k neighbor 10.1.1.8 remote-as 200" _- j' Y2 ^7 N' q$ ]9 u
neighbor 10.1.1.8 password 7 045802150C2E
^$ e# }. j: I' j8 v9 @1 u neighbor 10.1.1.8 update-source Loopback0
: [, P+ K$ y7 B neighbor 10.1.1.8 route-reflector-client
9 ]" l: r! e! a/ |8 K, ` neighbor 10.1.1.30 remote-as 200& V5 D" y; P- \9 E% d+ P& ~
neighbor 10.1.1.30 update-source Loopback0, H- d) f, f y' n( e) g3 I
no auto-summary
, Q3 }# w( e4 k!
6 `+ J' [( R8 o$ p+ E2 n% D3 k& e
* Y! a. H' r+ _9 W; I& p2.R2 loopback0 should ping 10.1.1.27 (use one command and same device to fix it).' C3 ]; V+ {& L6 U# r8 \7 t
RACK30R2#show ip pro
! r- v0 z* X* ^3 ?Routing Protocol is "ospf 1"0 t( q8 {* h( Z# G
Outgoing update filter list for all interfaces is not set6 v1 a0 `2 q/ k2 \! @( ~9 b
Incoming update filter list for all interfaces is not set1 L7 C( m; e( S* M! q, i7 H7 |$ U7 M
Router ID 10.1.1.21 w7 k. J' q" s% e; B9 _6 d
Number of areas in this router is 1. 1 normal 0 stub 0 nssa) j( V, I, a9 q. z- V% m
Maximum path: 4
" y0 t; i7 J7 w* Z. a Routing for Networks:
) j$ X) Z/ F+ r% ^# @( o- ~ 0.0.0.0 255.255.255.255 area 2; F: m2 d7 K+ y# X$ t! m* x8 X. |
Reference bandwidth unit is 100 mbps
. J4 k+ @4 w! Q7 G. O3 R Routing Information Sources:
! R- P: \5 E. b( y( @ Gateway Distance Last Update
7 r( g" E6 o1 f1 s9 L Distance: (default is 110)
/ s5 N/ }+ s5 oRACK30R2#
& J# z2 ]8 B1 D5 s% HRACK30R2#show ip ospf nei
# u0 e: Z! v: Y! y/ p/ ~; Q/ e# Z j; HNeighbor ID Pri State Dead Time Address Interface* T: }* N# Y; d. L+ q# T N
1.1.1.1 1 FULL/BDR 00:00:38 10.10.123.3 Ethernet0/0
7 v. d8 b9 C9 F' oRACK30R2#: `, y) r* k2 @- O/ ~- p! v
RACK30R3#show ip pro3 `8 P$ _: j0 B- h" d
Routing Protocol is "ospf 1"
8 N }2 e# J: m# H Outgoing update filter list for all interfaces is not set: W# \, t# ~! ?! M+ w! [
Incoming update filter list for all interfaces is not set
" |: L% a* i/ r5 T Router ID 1.1.1.1" s/ u7 c) R9 r
Number of areas in this router is 3. 3 normal 0 stub 0 nssa# Z) w$ P2 P+ k! U6 g7 C
Maximum path: 4
o$ u# C' O& [% a$ R; L- ` Routing for Networks:
9 }4 Y) a) Z" C. r, A s9 j- z 10.1.1.3 0.0.0.0 area 14 h8 [: @$ ]$ Y
10.10.35.3 0.0.0.0 area 1# X, b# q: j; g+ k
10.10.123.3 0.0.0.0 area 2+ P$ c9 e* w7 H8 P' R+ r7 y
Reference bandwidth unit is 100 mbps
- Z! @7 W$ l, V- F# R1 d. f Routing Information Sources:: l7 z2 @8 d; _. ~
Gateway Distance Last Update
. y! }3 K7 t4 e2 c5 Q 10.1.1.2 110 00:32:06
" a, x7 ^* ?& i 10.1.1.5 110 00:31:56; @8 B( Q0 {/ T
Distance: (default is 110); z( O% a S, z8 D
RACK30R3#show ip ospf nei
5 I& H% G4 |, z, z w! P3 a% {/ ZNeighbor ID Pri State Dead Time Address Interface
/ j5 L+ ]1 `+ o1 M10.1.1.5 1 FULL/DR 00:00:35 10.10.35.5 Ethernet0/01 \# [6 _/ P$ {* Q3 J. r
10.1.1.2 1 FULL/DR 00:00:35 10.10.123.2 Ethernet0/1+ O2 O) h6 O; U7 N7 c
RACK30R3#
1 v& B" D8 ]: ?4 E//R2已经成功和R3建立了ospf 邻居。并且R2e0/0和R3e0/1的是属于OSPF区域2,R3e0/0之后是属于区域1。
% i: h- D" I2 S$ D" ~" ~- s9 E0 b: q//OSPF区域1和区域2要通信,则需要通过主区域0来进行。
% F; h# k3 O3 ^9 {//再经过查看,可以发现拓扑是这个状态:区域0(R8----R6)---- 区域1(R6----R5----R3)---- 区域2(R3----R2)3 |0 g4 f5 T; r4 }! F! @: Y
//那么区域2要和外部通信,或者要和区域1通信,则首先应该和区域0建立虚链路。
U7 D4 a8 j6 A+ j. b% U//在做虚链路认证的时候,一般还要做区域0的区域认证,但是现在R3却没有成功和区域0的R6建立虚链路。
# L: `% f; x3 R2 ~$ N3 |3 f去R3和R6上查看命令配置。" K- y* L4 b3 t6 D4 K9 w
0 u6 \3 w: {, p' ]0 FRACK30R3#show run | b r o D& `. }. x2 [6 i# V5 T
router ospf 14 d+ q+ L: S) e0 \0 ^
router-id 1.1.1.1
- G3 Y$ Q7 u- e log-adjacency-changes `" X. |+ ^1 f1 R% H4 L
area 1 virtual-link 4.4.4.4 authentication message-digest
; n& W2 l, i8 k2 ?9 Y4 S area 1 virtual-link 4.4.4.4 message-digest-key 1 md5 cisco
" }9 T+ }: v/ ~ q" Z1 ~5 I8 | network 10.1.1.3 0.0.0.0 area 1
* @+ R# ~5 e7 ^" s: G) s network 10.10.35.3 0.0.0.0 area 1
# f M0 w7 X3 y) ] network 10.10.123.3 0.0.0.0 area 20 f9 p, g: O3 \6 S- E
!
b8 @3 x8 c% P- V7 K5 aRACK30R6#show run | b r o
5 X b2 h3 x; l9 \; j1 E, ~router ospf 1
. S3 ^. R+ \9 D8 |$ q router-id 4.4.4.4: x$ F% O8 t! P% `) Z- z( s5 A
log-adjacency-changes' H8 e4 S/ x' B
area 0 authentication message-digest! m, s4 A% n( v7 w) K
area 1 virtual-link 1.1.1.1 authentication message-digest
3 i8 O# [4 e5 K2 C6 h0 s" K. @ area 1 virtual-link 1.1.1.1 message-digest-key 1 md5 cisco
, \# {* b, o4 i6 x5 d. ]( ?) o network 10.1.1.6 0.0.0.0 area 0
, \0 U h" t, d2 B+ @/ ]9 l network 10.10.56.6 0.0.0.0 area 11 X8 y5 D. B1 A% U: C/ p7 J5 |
network 10.10.68.6 0.0.0.0 area 0
6 Z' z( S4 u, \$ C: @& T( pRACK30R8#show run | b r o+ A0 h% g. x; d. r; j( g' A
router ospf 19 x. h# a" I& ~ `. d
log-adjacency-changes7 T+ l4 q. A5 ]3 ^9 B
area 0 authentication message-digest1 D; J. i; E$ ]# g# O2 ?
network 10.1.1.8 0.0.0.0 area 0
1 s' U: F( ?( } a% T8 c network 10.10.68.8 0.0.0.0 area 09 _: q' C+ k$ f
RACK30R6#show ip ospf nei
) Y4 U! C9 j' M# |Neighbor ID Pri State Dead Time Address Interface$ A& j. k6 r9 d
10.1.1.8 1 FULL/DR 00:00:31 10.10.68.8 Ethernet0/0$ q1 c+ a8 Z7 }
10.1.1.5 1 FULL/DR 00:00:39 10.10.56.5 Ethernet0/1) V. q, |* D% f* H. B
RACK30R6#
: `+ `8 ^/ ^" S* v7 jRACK30R5#show ip ospf nei* k2 m2 F1 ~. {4 v
Neighbor ID Pri State Dead Time Address Interface- o; G o; P/ ~. i) {. }6 l
1.1.1.1 1 FULL/DR 00:00:32 10.10.35.3 Ethernet0/1
$ h, n9 F3 T' \- F7 ]! [4.4.4.4 0 FULL/ - 00:00:34 10.10.56.6 Ethernet0/0
1 J) o' D. A8 s& iRACK30R5#
4 ] }; |& t6 Y; ~' ]//我们可以从这里看到,R3和R6已经配置了虚链路认证(为了确保密码没问题,可以重新配一次)。
' f$ ]& V0 X2 k, M% m6 v) [3 B2 U//R6又和R8建立了区域0的区域认证。; a0 o, S& Y2 o2 d; B/ C1 j
//目前的状态是R6和R8、R5建立了OSPF邻居;R5和R6、R3建立了OPSF邻居。
) d% y! B8 H P+ W3 n 但是大家有没有发现一点,为什么R5在连接R6的时候会没有选举DR和BDR呢?
* l* F5 C9 N# b4 U9 f//我们去查看一下R6和R5的连接状态
$ W$ g3 s+ [0 {
- S% b, B- W& U2 X( h, }$ V' L1 wRACK30R6#show ip ospf int e0/1: B4 [1 q) m- Z
Ethernet0/1 is up, line protocol is up
" `. \3 y/ Q6 _7 v) ^& z! p Internet Address 10.10.56.6/24, Area 1! j/ ~) d7 X9 n$ k+ B" _$ S
Process ID 1, Router ID 4.4.4.4, Network Type BROADCAST, Cost: 10
( r9 i) R3 K2 F& ] Transmit Delay is 1 sec, State DROTHER, Priority 1
$ z" k b* U8 o4 k$ F Designated Router (ID) 10.1.1.5, Interface address 10.10.56.5: g" n% q# s6 y, q5 K" e0 h
Backup Designated router (ID) 10.1.1.5, Interface address 10.10.56.5
, \+ _+ R" i; g3 Z: x Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
& a* I5 X' p( X/ O* J7 z oob-resync timeout 40
c s% L! k5 i& `8 Z& K Hello due in 00:00:01
+ S3 H- A- X3 c$ T Supports Link-local Signaling (LLS)1 ^( D; x: {: ^8 s
Index 1/3, flood queue length 0& U; d2 l' Y7 X: f4 @1 e
Next 0x0(0)/0x0(0)
- ]; m9 w7 l5 Z2 a" z. C Last flood scan length is 2, maximum is 30 R1 M; C! p9 a; g e0 ^% j
Last flood scan time is 0 msec, maximum is 0 msec
8 o# c% p: `2 x4 Z t Neighbor Count is 1, Adjacent neighbor count is 1
% y! C5 {+ |5 Q. p6 n+ \ Adjacent with neighbor 10.1.1.5 (Designated Router)
7 n8 d0 w0 i- e Suppress hello for 0 neighbor(s)
# A! I5 T" t2 b Q- bRACK30R5#show ip ospf int e0/01 e' d& u: `2 W
Ethernet0/0 is up, line protocol is up) P6 Q7 S* {, F& R" s: I' w b1 }
Internet Address 10.10.56.5/24, Area 1& H9 ?3 W8 A7 ^; ^7 j x
Process ID 1, Router ID 10.1.1.5, Network Type POINT_TO_MULTIPOINT, Cost: 10" P0 ]* n: z, e1 e
Transmit Delay is 1 sec, State POINT_TO_MULTIPOINT,. d$ S2 {+ F* ?0 A! b* B. E
Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
' s3 b" Y: ?+ Y7 N# O oob-resync timeout 40# L' d' C; z: i; n9 U
Hello due in 00:00:070 z! f0 S$ h2 `8 |0 k8 V& [7 {
Supports Link-local Signaling (LLS)* a* M$ d; L8 @4 w
Index 1/1, flood queue length 0
- c2 o7 ?- X, G E) g Next 0x0(0)/0x0(0)& V( {2 m9 M3 ?- F9 Z$ ?. C
Last flood scan length is 1, maximum is 1) s7 } K; k% Q1 X9 u
Last flood scan time is 4 msec, maximum is 4 msec
4 w5 T+ A, [! q- }3 b Neighbor Count is 1, Adjacent neighbor count is 1
* Z3 g, D/ H5 h3 j Adjacent with neighbor 4.4.4.4
( W( p. e, T* o Suppress hello for 0 neighbor(s)0 B% G* e6 x9 N& M1 J$ r( h
//从这里,我们可以知道R6之所以和R5建立了OSPF邻居是因为R5的Hello dead time 都可以和R6匹配。# v+ x W4 z3 i% v
//插句理论:4 m! _8 ~- k8 K( _0 b6 U
点到多点的特性:
1 H. X1 _5 \, B' \2 i( I$ \( P" w 1.没有DR概念
( k% L1 r5 V& T2 M# q' ]9 b 2.不需要定义邻居,属于完全邻接0 E1 V8 Z5 E2 b! Q5 a) P* s) P' k
3.整个网络使用一个子网
# j' G, V5 J2 f* ?6 w! H 4.Hello 30 dead 120 wait 120
7 h+ t. r S3 J; y# q3 O5 i2 a//所以在这里因为R5的定义,使R6认为自己有两个DR,一个是R8,一个是R5,导致虚链路无法正常建立。* D( d0 D: ~# Z2 o. [& v
RACK30R5#show run int e0/0; L4 B: W! W' p, J7 F6 v# A; o, R- I
interface Ethernet0/0' L3 a& C1 {, O( I$ j0 F9 W
ip address 10.10.56.5 255.255.255.0, Z0 J0 g/ h- c" q
ip ospf network point-to-multipoint
* T3 `- x9 l' x) Q$ l" o9 O ip ospf hello-interval 10
0 p! Z. F6 k& d2 C" `- G half-duplex1 ?& w# J! X) C( e* Y4 c7 s
end
+ k1 A$ n/ v( T+ SRACK30R5(config)#int e0/0
( [& T' H. W* ~; g) |1 V# fRACK30R5(config-if)#no ip ospf network point-to-multipoint
& m$ f8 m4 K: ]& }" C- }5 E/ F, L) N) tRACK30R5(config-if)#0 G0 \7 O9 m) e; o$ q p4 t
*Mar 1 00:22:35.471: %OSPF-5-ADJCHG: Process 1, Nbr 4.4.4.4 on Ethernet0/0 from FULL to DOWN, Neighbor Down: Interface down or detached
. k# \* R6 ?: a*Mar 1 00:22:35.631: %OSPF-5-ADJCHG: Process 1, Nbr 4.4.4.4 on Ethernet0/0 from LOADING to FULL, Loading Done
! R# `6 _* y9 o5 n. [RACK30R5(config-if)#do show ip ospf nei
1 Q/ M6 m0 w: u; @+ YNeighbor ID Pri State Dead Time Address Interface/ h' F+ n. q2 v! }- ?
4.4.4.4 1 FULL/DR 00:00:38 10.10.56.6 Ethernet0/0$ p, q8 ~" B1 Q7 ~5 R& ]! n% g
1.1.1.1 1 FULL/DR 00:00:36 10.10.35.3 Ethernet0/1
! I" h- y; v3 f9 z8 N4 ^RACK30R5(config-if)#
: g* f+ z1 ?. F% G( _//更改过来。* N- p: K# }9 u' u2 _% ^2 m
RACK30R6#8 n2 J/ B- H6 ]& V0 f
*Mar 1 00:22:35.267: %OSPF-5-ADJCHG: Process 1, Nbr 10.1.1.5 on Ethernet0/1 from LOADING to FULL, Loading Done; y$ U6 X p; Y9 B# O. a
RACK30R6#show ip ospf nei" `" j j; g% R
*Mar 1 00:22:50.891: %OSPF-5-ADJCHG: Process 1, Nbr 1.1.1.1 on OSPF_VL0 from LOADING to FULL, Loading Done& j' h9 p# K3 O( j7 B8 |+ A8 n( C! m
RACK30R6#show ip ospf nei
4 ]/ v" P B8 L, W. X' \Neighbor ID Pri State Dead Time Address Interface
. s* |( O5 X3 n% W8 w+ O5 d10.1.1.8 1 FULL/DR 00:00:39 10.10.68.8 Ethernet0/0
' p+ z; B0 @& i" W6 I) f) S1.1.1.1 0 FULL/ - - 10.10.35.3 OSPF_VL0
$ o: E0 T H- ]' e$ o$ }10.1.1.5 1 FULL/BDR 00:00:37 10.10.56.5 Ethernet0/1
# B/ S) S. Z" g, L8 _' z( QRACK30R6#( F! W7 c. L- s+ E3 Y) X" X
//R6重新进行了DR和BDR的选举,并且成功和R3建立了虚链路。去R2上查看路由情况。& B' Y& R% b! s% @3 s
5 \% Q7 I0 X' CRACK30R2#show ip route4 s8 J7 j. R; p. ^3 j
10.0.0.0/8 is variably subnetted, 10 subnets, 2 masks
) [* W7 B0 b- fO IA 10.1.1.8/32 [110/41] via 10.10.123.3, 00:05:16, Ethernet0/0
9 u. B* N5 ?, ]1 F+ }/ q5 EC 10.1.1.2/32 is directly connected, Loopback0. p2 Y# I( S/ h
O IA 10.1.1.3/32 [110/11] via 10.10.123.3, 00:05:25, Ethernet0/09 j, e8 ]# b8 o& I
O IA 10.1.1.6/32 [110/31] via 10.10.123.3, 00:05:16, Ethernet0/0
5 r; k/ {) d- c" G. R I. cO IA 10.1.1.5/32 [110/21] via 10.10.123.3, 00:05:25, Ethernet0/0+ M9 L, F" r) z; Q1 L) _7 \
O IA 10.1.1.27/32 [110/11152] via 10.10.123.3, 00:05:16, Ethernet0/0
5 B/ ~! ]- g# y8 v% U. z2 ?; DO IA 10.10.35.0/24 [110/20] via 10.10.123.3, 00:05:25, Ethernet0/0# M+ f4 o; O$ C( l
O IA 10.10.56.0/24 [110/30] via 10.10.123.3, 00:05:25, Ethernet0/09 K$ y5 h/ Y. A$ I2 [7 c, s
O IA 10.10.68.0/24 [110/40] via 10.10.123.3, 00:05:16, Ethernet0/04 l, a5 d, q7 [# W
C 10.10.123.0/24 is directly connected, Ethernet0/0
! J2 k7 S! s) X4 k: ?RACK30R2#ping 10.1.1.27 s; \5 h: x- _3 H( A
Type escape sequence to abort.6 {, D3 y. F% [: j" N, l
Sending 5, 100-byte ICMP Echos to 10.1.1.27, timeout is 2 seconds:; f5 {1 A O6 u, h; e' Z
!!!!!
5 \$ ^) n0 `. h) ESuccess rate is 100 percent (5/5), round-trip min/avg/max = 36/77/104 ms$ S2 R/ Z. }7 B3 o' `" q6 V
RACK30R2#5 x0 R# e' `2 O, P \: K
//R2已正常学习到了来自R27的Loopback路由,并能正常通信。(达到了要求,只用一条命令来解决这个问题)# A* k! Q4 q/ o* F
3.Source R27 10.1.1.27 should ping destination R18 loopback 1.100.100.100.
: T j* d- A5 T( _$ }RACK30R27#show ip bgp% e- V! k, L7 G$ {3 S3 b! d
BGP table version is 4, local router ID is 10.1.1.271 t1 }0 V0 ~" e: A/ t- l6 Y
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,& h) O/ `# G4 Y- a+ l, w
r RIB-failure, S Stale$ U$ z' E1 X+ Z- e! G9 @& }
Origin codes: i - IGP, e - EGP, ? - incomplete8 h$ Y8 ?& S! n7 L, Z
Network Next Hop Metric LocPrf Weight Path9 P9 P6 C9 j1 M% |
*> 10.1.1.27/32 0.0.0.0 0 32768 i
; R+ C3 D' M# m+ o' R( d2 Wr>i10.1.1.31/32 10.1.1.28 0 200 0 200 i
! S; j" d& E' q: GRACK30R27#
N& i2 Z3 a7 B//我们可以看到R27无法收到来自R29的IBGP路由,并且路由到了R31就就无法在走下去。2 c4 Z- U$ i0 t2 b2 q0 C/ }
//R28调整了local-preference, 但是这不影响路由的接收。9 _' X5 G6 z$ `3 K0 L8 X: c j
//去R29上查看邻居建立情况,去R31上查看邻居建立情况。" ]% n+ R7 [/ L& n4 |2 |, Q! E, B! y
RACK30R28#show run | b r b7 T4 P4 t. N4 ?- y: Q
router bgp 300; ]2 ~0 Y N( w% q+ y& r
no synchronization. w/ V3 n2 E* f3 }; x) G- m4 g
bgp default local-preference 200
7 ^# x) w3 a9 Z6 p3 H6 l bgp log-neighbor-changes
7 f) S2 r% A2 O0 a4 [% j' {2 q) D neighbor 10.1.1.27 remote-as 300) U: R+ D: ?) N% r; D+ ?
neighbor 10.1.1.27 update-source Loopback0: N% s1 n- Z% [' j) ^& `( A
neighbor 10.1.1.27 next-hop-self
7 R$ X* d: R% o2 U0 @) y0 B3 B" X neighbor 10.10.78.7 remote-as 200
6 d) o8 Q8 s, @+ y3 ~8 g1 H no auto-summary4 u/ U+ t" c; ?( j2 O8 y* x+ |
RACK30R29#show run | b r b! ]' j- j! ^: E
router bgp 300
; n5 y. C* @5 }6 K1 q" c no synchronization
$ W4 @$ r0 n: N1 i q( {* f5 O bgp log-neighbor-changes1 t* C2 }# S I8 ^; `+ K! m
neighbor 10.1.1.27 remote-as 300
# r- g/ O4 G: }# D neighbor 10.1.1.27 update-source Loopback0
, G2 W) I" _& L; @ neighbor 10.10.89.8 remote-as 2005 O0 Z$ d0 w# q H* h
no auto-summary
8 s4 i; g7 k6 h- {* T//我们可以发现R28和R29都没有对自己的Loopback口进行通告。. S; ~! n& [4 ]& w1 z- O. o9 M+ {
RACK30R28(config)#router bgp 300
$ n+ H( k1 ?; k, Y- b6 KRACK30R28(config-router)#network 10.1.1.28 mask 255.255.255.255$ t) h. C6 ]% @# b
RACK30R29(config)#router bgp 300
+ R! K7 p, x1 ?7 V" i* Z. hRACK30R29(config-router)#network 10.1.1.29 mask 255.255.255.255/ |" E. t5 R' L) t# [3 x7 N
RACK30R29(config-router)#/ n8 w1 _ T2 M# B. I
RACK30R27#show ip bgp
, V, L; N; w/ C Network Next Hop Metric LocPrf Weight Path7 O' [( j z1 C2 h3 w; [3 d2 ~
*> 10.1.1.27/32 0.0.0.0 0 32768 i
' @; H7 P2 I/ v8 ?+ Kr>i10.1.1.28/32 10.1.1.28 0 100 0 i; _/ E s4 g/ {# e
r>i10.1.1.29/32 10.1.1.29 0 100 0 i" w$ K7 [4 G& z' S0 Y* y% ?
r>i10.1.1.31/32 10.1.1.28 0 100 0 200 i( Z: r' v- } \2 X3 `' U- `
RACK30R27#
8 m6 D S! }6 ^3 ?. i) {0 G//现在R27可以正常收到来自AS内部的BGP信息。查看R31的BGP建立情况。; g" |9 [9 U3 j# o* ^" C- h
RACK30R31#show ip bgp summ
: G: D8 @- c# H" R; N: LNeighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
9 K, G/ M; p+ a+ Z! N10.1.1.7 4 200 23 29 20 0 0 00:17:29 3
+ [% E- K6 U8 a s10.1.1.8 4 200 0 0 0 0 0 never Active
3 Q" }! v! i. J10.1.1.30 4 200 22 27 20 0 0 00:17:25 40 v2 A9 C" ?3 l
RACK30R31#
B$ z! Z: E- zRACK30R31#show ip bgp% |, r `# U9 V% z; m y1 j2 o: D( ~
Network Next Hop Metric LocPrf Weight Path* K. o3 F- k0 O
*>i1.100.100.100/32 10.1.1.30 0 100 0 100 100 300 500 600 i
' P- w3 ~# Y/ D7 c- u! r$ C, Z; H*>i10.1.1.27/32 10.1.1.7 0 100 0 300 i' m4 S" v6 a; n `
*>i10.1.1.28/32 10.1.1.7 0 100 0 300 i
" \) L! F+ Q4 Z( N. N*>i10.1.1.29/32 10.1.1.7 0 100 0 300 i1 [. B5 h- d$ e
* i10.1.1.31/32 10.1.1.30 409600 100 0 i& [. d% \% O9 A8 N
*> 0.0.0.0 0 32768 i- [$ g! q. D& W/ P% ]6 B2 K
*>i10.10.18.1/32 10.1.1.30 0 100 0 100 100 300 500 600 i8 @- K* D% b, m7 y# k
*>i10.10.18.2/32 10.1.1.30 0 100 0 100 100 300 500 600 i
; R& U+ W$ B a7 z0 ]% L; r0 QRACK30R31#- f- {# S3 }7 E& e3 }
//R31没有和R8建立邻居关系。7 F" K# y7 @& Q8 q
(如果题目要求仅仅为了ping通1.100.100.100,那么其他问题就不用解决,只要有路可以正常通信就可以了)
' b0 f. p) N& z4 w( t( k) r8 t//BGP邻居表中,R31收到了来自1.100.100.100的路由,路径的顺序是AS 100 300 500 600。
& O# s% m! p5 }* s8 R 我们知道R27是处于BGPAS300里面,但1.100.100.100这条路由已经经过了300这个AS。
5 @4 Y. \$ t3 e; I; U8 Y9 w 因此这个路由信息当发送到AS300后,AS300里面的路由器就会把这条路由DROP掉,因为它们收到了一条或许来自于自己AS的一个路由条目。
( q0 Y$ ^" r" M9 e) b; fRACK30R18#show run | b r b7 Q1 N& w. _) |5 E z0 j1 q
router bgp 1001 T, {7 |' U, q! T" c; `' G: K" }
no synchronization5 @" {8 H9 j& T W: k1 V
bgp log-neighbor-changes/ Y& n% e, b% @3 a- u2 Z
network 1.100.100.100 mask 255.255.255.255$ S7 d h: ^( d" k- y. R7 ~0 I: y
network 10.10.18.1 mask 255.255.255.2550 x$ X1 ~* N' W
network 10.10.18.2 mask 255.255.255.2558 l$ k- [* p: S3 S
neighbor 10.1.1.19 remote-as 100
4 e+ R9 \; {9 I4 _! j; V neighbor 10.1.1.19 update-source Loopback0+ V% W" L; C X. k: j
neighbor 10.1.1.19 next-hop-self- |7 w1 S- f u
neighbor 10.10.183.30 remote-as 200# O/ j: I$ }; E4 W& [/ h
neighbor 10.10.183.30 route-map AS out7 }9 ?- \8 C B2 q
no auto-summary7 w! x6 c; I- n$ X: N; O' S$ Q$ q
!
4 ?& l& b; f7 H0 ^ m* m$ | Gip http server
! \& ^' x9 Y7 W* J0 Vno ip http secure-server
3 ^8 Y$ m$ i& N& U v7 {!
1 O' i: ?8 s) J0 z!
5 v9 N0 v, F2 ?!
! T4 g' u+ U4 M0 ~" gaccess-list 10 permit 10.10.18.2
: C5 K) l- Q% _9 {access-list 10 permit 10.10.18.1) a- f5 h* R! g0 I$ \( ^
access-list 10 permit 1.100.100.100& a/ u& x$ k1 A) I, J
!
3 C' H1 h* d5 f5 U I" G+ {- k9 hroute-map AS permit 10; ?1 O. J' n. H7 Q b, f/ G
match ip address 10
! b& N+ T, A& M4 i% O) J) {2 k set as-path prepend 100 300 500 600
+ v5 Z% R# x7 _- f//我们在R18上发现了1.100.100.100的起源路由器,并且通过route-map对路径进行了设置。/ o; A, d& g7 H
//为了不要更多的更改路径属性,所以我们仅把这个AS300给NO掉就好。
, C/ C* R( R% J5 z. QRACK30R18(config)#route-map AS permit 10
1 j8 }0 Y: x# l" C oRACK30R18(config-route-map)#no set as-path prepend 100 300 500 600
9 t/ A. ^, N, d1 i8 WRACK30R18(config-route-map)#set as-path prepend 100 500 600
. W& F# h0 L8 i U: M5 |RACK30R18(config-route-map)#! ^& b4 g2 }0 e& U# \
RACK30R18(config-route-map)#do clear ip bgp * so0 o# v1 V- N# T! L2 M7 `( _
//配置完成后,清一下路由表,让BGP路由信息尽快生成。2 t! I( b. C4 w3 O
//去R27上面看一下BGP路由表情况。
$ G% |4 o, {; E& }- x' x, ^+ ?8 n( qRACK30R27#7 V/ v, Y; |, P+ ^
RACK30R27#show ip bgp( f6 Y) Y/ t9 Q; t' G6 j
Network Next Hop Metric LocPrf Weight Path4 i4 x& U3 n! A/ c, T
*>i1.100.100.100/32 10.1.1.28 0 200 0 200 100 100 500 600 i3 N+ n% {2 r* a
*> 10.1.1.27/32 0.0.0.0 0 32768 i
" Q* G- Y/ a" [r>i10.1.1.28/32 10.1.1.28 0 200 0 i
6 i8 I6 t$ D% g( ?8 B4 lr>i10.1.1.29/32 10.1.1.29 0 100 0 i0 b3 F3 A9 ~. I* N
r>i10.1.1.31/32 10.1.1.28 0 200 0 200 i
9 H8 C/ y- t5 Z+ {6 r*>i10.10.18.1/32 10.1.1.28 0 200 0 200 100 100 500 600 i5 D/ ~/ I e9 Q0 `5 m3 B
*>i10.10.18.2/32 10.1.1.28 0 200 0 200 100 100 500 600 i
( Q2 ^/ f- V6 b8 y# ?4 G& h0 rRACK30R27# q, s7 w; Q8 r) b
RACK30R27#ping 1.100.100.100 sour 10.1.1.27- f9 w) h- Q% x6 @' {0 y
Type escape sequence to abort.2 t" }4 r' c: j- ?) j6 q
Sending 5, 100-byte ICMP Echos to 1.100.100.100, timeout is 2 seconds:. Y4 M, K! U+ ~8 L i, |
Packet sent with a source address of 10.1.1.27* u! E- e" b0 r
!!!!!4 N6 J& k* |- p
Success rate is 100 percent (5/5), round-trip min/avg/max = 56/112/156 ms' Q0 ^4 \+ ^$ |. D1 s0 \' T: [
RACK30R27# o! m6 R$ l- [, E/ z& r# I0 t" v
4.R9 should use loopback 10.1.1.9 to telnet 10.1.1.10(pls do NOT remove and modify any command ).: }4 a+ ^( F8 k' I( K! V1 d" }
R10>
( }' |1 ^! r6 M% |# M*Mar 1 00:00:38.355: %PIM-5-NBRCHG: neighbor 172.16.14.26 UP on interface Ethernet3/0
$ ^: r3 i7 R6 l*Mar 1 00:00:38.367: %PIM-5-DRCHG: DR change from neighbor 172.16.14.25 to 172.16.14.26 on interface Ethernet3/0
5 b% f9 K7 Q& @) M2 m: f( i; lR10>; u* V+ E+ ]2 D. I c/ p" e7 C; ~
*Mar 1 00:00:50.327: %OSPF-5-ADJCHG: Process 1, Nbr 10.1.1.9 on Ethernet3/0 from LOADING to FULL, Loading Done
! L* n1 h* F& ]& [& s/ v* [) z! sR10(config-line)#do show ip ospf nei9 i$ f( J' J" s g; n4 a
Neighbor ID Pri State Dead Time Address Interface' M( x- O' h# A( d2 v' W0 x; G- u/ x0 e/ v
10.1.1.9 1 FULL/BDR 00:00:32 172.16.14.26 Ethernet3/0, @. n" l" A4 |
//开启R9和R10的时候,出现了以上提示。首先确认R9和R10的邻居是否正确建立。' F5 N8 C5 b: F9 O' ?& h! _
//然后查看R10的VTY端口是否配置了某些阻止TELNET的命令。- \) ]3 H; M0 x6 _
R10#show run | be line% t0 _( e/ {, @5 v
line con 0
' W- |, q' @( B* F. Z, _7 S& x- z- g% e exec-timeout 0 0- E) w5 N6 J. r1 t: k( w
password cisco1 d7 g1 W- u2 c: R! j3 b+ C
logging synchronous
' Z: U9 M k: G1 B u a1 Wline aux 0% R7 z, H4 q' I# p+ E n
line vty 0 4
' [' c5 N1 Y% M$ d exec-timeout 0 0
4 Y( h, s" K8 v% E password cisco
% w! m9 C; S& _; Z7 v logging synchronous6 s2 K( S: n) g9 L) p% ~
login* R- H" Z5 F/ U! a5 m" C
transport input none
4 q, a6 Q5 |$ F0 M!/ G/ L4 i2 h5 s( J2 \" W @
!
& K* k2 `. ~3 v. ^- }) V5 b& jend
( Y. U& I% I/ |5 S4 |//通过VTY进入的时候,没有方式允许。
9 V! H: \/ M9 {# T9 n0 vR10(config-pmap-c)#line vty 0 45 d& s$ m6 S) C/ M$ n
R10(config-line)#transport input telnet
) S2 [) o) W/ J" c( `$ D k" }
# e n, h2 o* b2 P//查看R10的访问列表,是否执行了阻止。) n+ z" J! m' D* e
R10#show access-list
6 S. K& B. ], C ^' o& XExtended IP access list 100
1 k# T8 w" s' R6 e3 s( S 10 permit tcp any any eq telnet (12 matches)
- Z5 \0 k c; J* Y( lR10#show policy-map
. g t+ s. l/ R3 k Policy Map TELNET
$ X% W+ x. O; G9 N: n2 G# l Class TELNET
( J# M- t' ~$ r! d drop) B$ `; v, q3 D3 {5 u7 [
Policy Map marking
7 H" k" q3 {+ x1 g$ |$ p: T//因为题目要求不能删除或者修改现有配置,但可以增加新的ACL。1 B1 ]9 C) T$ B2 N" Y
因此我们就按照现有的配置增加新的ACL,让其匹配policy-map。" ]+ J2 @3 X" V# N
R10(config-ext-nacl)#do show access-list: f# t1 i; Z: h4 V
Extended IP access list 100
7 F& S+ n; W1 j& s% B 10 permit tcp any any eq telnet: X- l6 i; s( M/ x% b# e
R10(config-ext-nacl)#
( \2 t `8 M' W" T; c* M, X3 [//我们在此插入一条,acl 5上去,让policy-map先匹配更精确的5,从而不匹配10 的那条ACL。
6 s. W9 a3 p3 d, j$ D$ HR10(config)#ip access-list extended 1008 w, l* k3 K3 {! S7 u- B
R10(config-ext-nacl)#5 deny tcp host 10.1.1.9 host 10.1.1.10 eq telnet. V4 A' W( I @" W) W4 {
R10(config-ext-nacl)#do show access-list
2 n Q8 p1 C$ s3 E7 o1 c9 c" d H* T/ NExtended IP access list 100' V3 ?9 U& f5 W ?& W
5 deny tcp host 10.1.1.9 host 10.1.1.10 eq telnet
, K0 D& l: [3 c, T, p1 c& B- e 10 permit tcp any any eq telnet
( m- D, S! F$ `9 E! T//进行telnet测试! r# B) Q( y% R. Q8 ~' F
R9#telnet 10.1.1.10 /source-interface loopback 0( F0 s/ S! m/ a0 z% _) ]' M
Trying 10.1.1.10 ... Open
+ w/ w9 ~, a: j5 h% ]4 {4 E" B
" {! @8 V$ o5 b; UUser Access Verification/ Y: X# F* _- |- N* w+ q4 c4 Z8 v
Password:( r9 h) t6 C& m1 V8 Q
R10>exit
9 B* d$ E* n+ S" ~8 v5.R15 should ping R13 and R14.$ p3 z; n, m3 t
R15#show fram map) M( b; G, j( q2 Z k& n
Serial1/0 (up): ip 172.16.13.2 dlci 314(0x13A,0x4CA0), static,) Z3 g+ j, ]: r# A
broadcast,. ?$ N* @% b, |6 Y2 t
CISCO, status defined, inactive
, Y+ ^$ }7 f; ]Serial1/0 (up): ip 172.16.13.3 dlci 315(0x13B,0x4CB0), static,
9 D" [0 L0 t8 |8 d+ w+ z broadcast,( r: ]- @3 j3 S$ O: E0 h+ |0 [
CISCO, status defined, active/ C( L/ i9 i" X
R15#: Y' S8 x: D/ ^2 L s
*Mar 1 00:01:14.959: %OSPF-5-ADJCHG: Process 1, Nbr 10.1.1.13 on Serial1/0 from EXSTART to DOWN, Neighbor Down: Dead timer expired
& [; e5 L* [& ~' e- C" P! h*Mar 1 00:01:15.067: %OSPF-5-ADJCHG: Process 1, Nbr 10.1.1.15 on Serial1/0 from LOADING to FULL, Loading Done
. M2 t! }! x# ~R15#show run int s1/0
- \, Q( r0 m- iinterface Serial1/02 E' n X6 O( n* m
ip address 172.16.13.1 255.255.255.248
; O3 P( x9 O% p! B9 \ encapsulation frame-relay
% O2 i7 E, P1 ] ip ospf authentication message-digest3 D( {0 M" X& [) c% F) d
ip ospf message-digest-key 1 md5 cisco
! ]' Q) V, \" u' _5 f ip ospf network broadcast/ `. a2 ]% D+ O
serial restart-delay 0+ e5 Y' b4 n# N# e6 O# E) P
no fair-queue, s0 D: t( f5 F1 N2 o
frame-relay map ip 172.16.13.2 314 broadcast; Y) h$ L9 ~0 g/ @5 F9 U( w
frame-relay map ip 172.16.13.3 315 broadcast1 w# j, ~9 n( `4 C8 R( z
frame-relay lmi-type cisco
4 Y) Q' d. u; C# o( kend/ Z3 E8 L9 M7 [9 ^) v
R15#
9 c+ F. i: a( t x% P8 A% e$ F//在R15上查看frame map可以知道R15和R14成功建立,但无法和R13建立。7 ~6 T% x2 ]6 T/ g% x' }2 G0 U
R14#show fram map& g8 q" k5 d- }1 k8 e3 N- H8 K& N
Serial0/0 (up): ip 172.16.13.1 dlci 351(0x15F,0x54F0), static,' o" \& c! h; P3 ^# ?2 a- C5 r6 m
broadcast,
8 H* i5 S3 i+ }, }9 Q9 C CISCO, status defined, active
) z7 ?3 T( C$ Y4 l* A A2 h" ASerial0/0 (up): ip 172.16.13.2 dlci 354(0x162,0x5820), static,
8 T9 k2 B( z6 ^* R broadcast,
% k" n, Q1 B% S# f) C CISCO, status defined, inactive+ E( @9 R! f% N3 W' T! n
R14#show run int s0/0; p+ _8 ]' [9 ^8 f
interface Serial0/0
/ i1 W7 d0 J: E3 [9 n% q ip address 172.16.13.3 255.255.255.248
5 h. t% t, U1 D& b) l! @% E) a" F0 b encapsulation frame-relay( t2 p7 t+ Q0 s
ip ospf authentication message-digest, A! c8 }! q/ M& o* W1 B* p6 U( ^
ip ospf message-digest-key 1 md5 cisco
! U8 _$ V) v+ M0 c% d9 f" W ip ospf network broadcast5 c- I4 q0 g; z0 \+ {" r
serial restart-delay 0) M- [5 Q0 Y0 C& z: k) B [7 `
no fair-queue
7 ^2 P, p4 ], v: G, K5 w) c7 n frame-relay map ip 172.16.13.1 351 broadcast
* U l" P E: F4 G8 Y frame-relay map ip 172.16.13.2 354 broadcast) a0 I( }% S. s R; S
frame-relay lmi-type cisco9 V" S0 [) D$ s; o9 P2 ^3 c$ u' E
end
4 O( K1 j" O' Y% l0 }4 DR14#! z- I& h4 T2 A( r5 o
//在R14上查看frame map可以知道R14和R15成功建立,但无法和R13建立,所以问题直接上R13去查看。6 C* V( V: N# [$ r
R13#show fram map
' |# z3 d1 O7 J. w; S! _5 ]+ ?Serial0/0 (up): ip 172.16.13.1 dlci 341(0x155,0x5450), static,. u; }$ r T/ C- r. r! W8 G2 Z( k
broadcast,
6 N" w$ u' p5 }4 ?0 q CISCO, status defined, inactive
+ C, c$ K& a7 ~% Z4 h4 a4 `: lSerial0/0 (up): ip 172.16.13.3 dlci 345(0x159,0x5490), static,
& N, T! R0 b( U' C/ U broadcast,4 X. u0 a' D# k2 V8 ?( |6 e7 j& |
CISCO, status defined, inactive5 V4 ~8 U3 i ?/ I. L( ^
R13#
8 n) ^- F& C* ~ x) ~" i* XR13#show run int s0/01 r3 N6 V- y7 C0 r3 t4 D3 x
interface Serial0/0
. f/ L$ \+ x4 [. \7 O% F ip address 172.16.13.2 255.255.255.248
! d# `! h/ K- L encapsulation frame-relay
$ P: s% l; d' R5 g* v0 S ip ospf authentication message-digest" Z7 T) O: p5 V& X
ip ospf message-digest-key 1 md5 cisco5 A4 q: ]3 u4 w' ]4 V5 q7 Q
ip ospf network broadcast
' }; u8 c9 J I1 T- \* e7 x+ y8 V ip ospf priority 2551 h6 O7 [, E6 A$ e5 ~) _9 N6 {
serial restart-delay 0
' G; v l. z+ T" w no fair-queue
7 Y4 J ^5 b8 h6 v frame-relay map ip 172.16.13.1 341 broadcast S' `+ e( x2 C2 R+ h5 f1 D
frame-relay map ip 172.16.13.3 345 broadcast
; j* n- s" s4 L- X' @ frame-relay lmi-type ansi
+ G3 d# S' Y2 W4 Q frame-relay intf-type dce+ L% [( C% [4 }4 E- ]
end' q& c& M# H4 f; @9 }
R13(config)#int s0/05 o7 B' w0 p: e! V# q7 z; M
R13(config-if)#no frame-relay intf-type dce
& o. d2 Q' F& Q2 @R13(config-if)#no frame-relay lmi-type ansi1 @1 i6 ]) @3 b+ g8 O
R13(config-if)#
9 Z2 L% c1 P/ s' ?8 R/ C* B. c8 Q*Mar 1 00:04:07.151: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0, changed state to up; k; t. x r8 l0 \& P/ ~3 v
R13(config-if)#do sh
' X9 b! U; |. {8 m9 s*Mar 1 00:04:36.947: %OSPF-5-ADJCHG: Process 1, Nbr 10.1.1.15 on Serial0/0 from LOADING to FULL, Loading Done
5 W" Z1 W+ h" d*Mar 1 00:04:37.283: %OSPF-5-ADJCHG: Process 1, Nbr 10.1.1.14 on Serial0/0 from LOADING to FULL, Loading Done
) C2 ], S! T( l8 Z. `//假设FR无法进去配置,那我们有应该让删除所有帧中继非默认配置,好让frame-relay自动协商成功。9 ~. n: T' o5 _6 l+ d9 O
R13(config-if)#do show ip ospf nei
8 z& L2 d: c$ s1 eNeighbor ID Pri State Dead Time Address Interface( q! ?7 P3 G$ v P
10.1.1.14 1 FULL/BDR 00:00:38 172.16.13.1 Serial0/0
' e2 T9 p. f! y8 w; p. V. h# M10.1.1.15 1 FULL/DR 00:00:38 172.16.13.3 Serial0/02 Q/ X0 W. v3 Y4 Q7 B
R13(config-if)#
( l7 H* P% O: k7 q' @0 kR15#ping 172.16.13.2" g. R) Q! \% |9 ` f" A, f
Type escape sequence to abort.7 L0 Y- R7 F0 R7 e
Sending 5, 100-byte ICMP Echos to 172.16.13.2, timeout is 2 seconds:
+ ]2 [4 R( Z3 a+ Q3 x2 y4 k!!!!!% I/ Y! q! G. ]- I
Success rate is 100 percent (5/5), round-trip min/avg/max = 20/44/60 ms
5 _+ _' u/ O5 A2 `3 l9 wR15#ping 172.16.13.3
+ `7 w* q- B: D4 z, K6 M7 vType escape sequence to abort.- _1 G( w, A1 \) i8 s
Sending 5, 100-byte ICMP Echos to 172.16.13.3, timeout is 2 seconds:
* G5 s: A) f! r3 Z!!!!!
! k$ i0 i3 \1 x* N" v( lSuccess rate is 100 percent (5/5), round-trip min/avg/max = 12/42/64 ms
0 G; Y I! o. f4 {% a, MR15#
9 I* P" h9 o: Q9 r" |% d6.R24 & R29 should ping R10 FTP address 10.1.1.10.
1 `7 V0 G3 w0 U) e& ~, x$ }+ Y//这个题目包括了很多意思和内容。
" F7 _0 k( Q. p$ F1 W. \/ S 首先是R24的问题,R24有个EIGRP负载均衡,是否需要解决,取决于题目的要求。
: z: h6 Q" R$ ~* ] 在这里我会解决负载均衡的问题。0 `+ N# m$ [; v3 v( M" u, ^+ d
其次,R24和R25中间的帧中继问题。$ M5 `2 L- ]- x" ?+ Q) I
再次,R25和R29的串口问题需要解决。
+ }$ z \% |: e$ _$ [- E 最后,R13到R10的链路,是否可以正常通信,是否有访问列表阻止。/ R- Y) |2 |( p& ]* W
solution1:R24 和 R21 负载均衡问题。(与第七题一样,这里提前解决)
7 z/ l" Q2 _! w% D, nR15#show ip int br
7 |( D6 F2 Q6 j" a5 FInterface IP-Address OK? Method Status Protocol) [, j# l/ t* `
Ethernet0/0 172.16.13.29 YES NVRAM up up
/ a' Y$ j* G) s- s% S) P//这个接口是连接EIGRP的接口。
- ~# d! `" X a2 W' z/ M `R24#show ip route
& ^) k* o; u3 b! B 172.16.0.0/16 is variably subnetted, 7 subnets, 3 masks
* r2 p9 `( ^! T/ F" z; qD 172.16.10.16/29 [90/307200] via 172.16.10.11, 00:06:15, Ethernet0/0) `+ I) ~- J# c0 ]0 m6 Q
D 172.16.10.24/29 [90/307200] via 172.16.10.10, 00:06:19, Ethernet0/0
+ m$ I3 G' |! g4 O% I( ~8 f//到达R21的路由通过R22和R23过去,R21 E1/0是.26/29,所以该子网内的主机是25-30。
$ V5 U) }5 z0 x r8 p' F: L R21 E2/0是.22/29,所以该子网内的主机是17-22。
4 f! K1 w3 T3 h& J7 s% W2 F 因为地址不重叠关系,R24去往R21是通过两条路由标识。$ ?. z/ ~7 B4 M$ d' X5 \
查看R21的接口配置,看看R21返回R24的路是否负载均衡。8 h* n( m" w0 `' V
R21#show run int e1/00 Q$ ?& }5 e0 Q. e
interface Ethernet1/0" E7 A* j$ A8 y2 k1 g
ip address 172.16.10.26 255.255.255.248! \7 c; K4 T$ C2 g% x6 _
half-duplex
8 ]3 h& b! X$ M; I' q9 Fend
4 [) i- [7 P' vR21#show run int e2/0
4 U- E7 H0 o2 h9 t* y3 ~' {4 Pinterface Ethernet2/03 u2 P, Q. K+ a' z
bandwidth 1000000
( H/ o( g$ t4 e; i ` ip address 172.16.10.22 255.255.255.248/ y1 Q5 H% X8 o* N# K* R( `
half-duplex1 ]* Z8 Q1 S- F+ Z" ?% x
end3 u& t+ } a T9 _, P8 C: f
R21#) V+ B# h6 Q; X! s7 F: v! k
//可见R21对R23的端口做了带宽的设置。
{- G) [& D( C: z, _+ c7 `R21(config)#int e2/00 B; l, v9 s/ y; A) c# w9 ?
R21(config-if)#no bandwidth 1000000+ ~' U- ?; Y, D: Z2 G H9 j1 t
R21(config-if)#
3 m6 z- E; u/ \% o+ v& BR21#show ip route9 F C; ?0 f7 M6 `% o" ?! S
D 172.16.10.8/29 [90/307200] via 172.16.10.21, 00:00:05, Ethernet2/03 a5 b0 d9 ~; z& J: y+ y
//去往R24的路径还是没有变化,其他设备查看接口配置情况。# Z3 Q' @3 `8 b4 K
R22#show run int e0/06 L/ b( x# k& [
interface Ethernet0/0
4 l( z+ h9 m( t# F1 D a6 U ip address 172.16.10.10 255.255.255.248+ G2 Q" i2 M$ c* i# B
delay 200% G( n; j% l' X% X
half-duplex/ Z$ ~8 @" a: q0 r6 v
end1 i& k5 n4 l. y3 X1 x' F
R22#
2 s0 L* m. @6 @! O//在R22的接口上面做了延迟,解决它。# v% X7 K* b$ E( e# H! c
R21#show ip route
2 o& n( A: J. d- XD 172.16.10.8/29 [90/307200] via 172.16.10.27, 00:00:03, Ethernet1/0
; p& }* o. [( p0 h0 p2 f( P7 ? [90/307200] via 172.16.10.21, 00:00:03, Ethernet2/0
: b+ o' A: I! j* d/ v) S$ |% X, h' y# x//现在可以实现负载均衡了。9 U5 f$ g+ O8 c9 J( `# n
solution2:R24和R25的帧中继问题(以前是帧中继问题).
4 l" X. H- t4 P3 a$ V8 \R24#show fram map
3 \) X3 J9 ~ @Serial1/1 (up): ip 172.16.10.77 dlci 809(0x329,0xC890), static,3 `$ B* W6 L0 _
broadcast,
* R* y; e1 T! {: v% I CISCO, status defined, active
7 K& b# y) C" d( F" d$ {# ISerial1/1 (up): ip 172.16.10.78 dlci 809(0x329,0xC890), static," b: a) C7 _9 G
broadcast,6 Q+ g! j4 \; \3 G Q g+ A/ }
CISCO, status defined, active- x8 m0 N) U0 S8 m7 m
R24#4 A% J1 f4 q- n/ w2 ~) ]2 W- Q
R24#ping 172.16.10.789 f) s/ O! `( ^# p
Type escape sequence to abort.9 t4 h6 I9 q, Y# k% M( |
Sending 5, 100-byte ICMP Echos to 172.16.10.78, timeout is 2 seconds:
! l# ]" k8 h+ j!!!!! @% _) T& g. @* \
Success rate is 100 percent (5/5), round-trip min/avg/max = 20/36/80 ms& D G( o0 X& I4 u( i0 g7 d, s8 A
R24#ping 172.16.10.778 ^3 K8 b# i; ?; _" H" [1 P
Type escape sequence to abort. s2 N& U9 k' z: d% r& p( x
Sending 5, 100-byte ICMP Echos to 172.16.10.77, timeout is 2 seconds:
9 w ]2 I2 b/ Q! }!!!!!2 H, o9 e0 T6 S1 q7 Q9 c6 q: G8 K9 n
Success rate is 100 percent (5/5), round-trip min/avg/max = 40/62/88 ms
; e: k' ^+ ]3 k- \: x' x; ~8 [& BR24#
; y0 Z( Q6 O/ m: i0 ^" Ssolution2:R25和R29的Serial 问题(以前是MPPE问题).
) i5 p& i- a5 c# KR25#ping 172.16.9.2
5 d( H/ R( a2 n- D* v) V+ gType escape sequence to abort.
' }% g. o7 E; J: f% e/ I: v) vSending 5, 100-byte ICMP Echos to 172.16.9.2, timeout is 2 seconds:
/ U0 x: s9 E1 P!!!!!
* {+ P Z9 `/ [3 OR29#show ip route
$ {, N( o! v$ k* i) T/ V 172.16.0.0/16 is variably subnetted, 2 subnets, 2 masks
2 N) R4 z- V5 s. p* CC 172.16.9.1/32 is directly connected, Serial1/0' J; X% O2 R$ }2 P
C 172.16.9.0/29 is directly connected, Serial1/09 v0 A @. E9 q! N' Z
192.168.20.0/32 is subnetted, 1 subnets
& b0 j/ g% [* Q. x' K5 b6 V# QC 192.168.20.1 is directly connected, Loopback16 |( c3 ~' W6 {4 d
10.0.0.0/32 is subnetted, 1 subnets
* G9 T1 @7 o `: _& O4 m, z8 L. |C 10.1.1.29 is directly connected, Loopback0
; |: ^- F# \- |( P ~+ S//R29只有直连路由,并没有学到EIGRP内部路由。检查协议情况。
7 s& F$ w4 F0 w$ \7 TR29#show ip pro. S) v( y6 Q' w, u
Routing Protocol is "rip"
. [: x }/ D9 R# b' Y0 T- l. ? Outgoing update filter list for all interfaces is not set
8 ?4 k2 f. S5 R0 [ m Incoming update filter list for all interfaces is not set
6 q* Z$ n3 @# ^ }5 @ Sending updates every 30 seconds, next due in 20 seconds0 ^1 ^' G U( i) U
Invalid after 180 seconds, hold down 180, flushed after 240" s {+ k" _, _) c* e
Redistributing: rip
( k8 N8 [. X4 C8 }' n0 b4 G Default version control: send version 2, receive version 2
0 O8 w4 \' e4 Z! x- n Interface Send Recv Triggered RIP Key-chain
6 d% n: u& A! h9 G/ l v. { Serial1/0 2 2
+ f: `0 Z0 K8 j0 F5 c2 N$ }7 e$ Y Loopback1 2 25 e' V) L: k, q2 t6 x4 V# V+ W" k
Automatic network summarization is not in effect7 ?; h' ~% q7 l% [$ x/ Q: z0 s. B
Maximum path: 4
: B9 c, M# L8 V- T! ~2 U Routing for Networks:/ [4 I3 V3 z# C: B
172.16.0.0, A- P n( C/ J# K, L+ b) N. T$ b
192.168.20.0$ C; T* N/ D/ P7 D7 a
Routing Information Sources:
5 Y4 i6 r& }$ `+ h8 p6 G Gateway Distance Last Update
# L( `, L. h2 o- G+ G% } Distance: (default is 120)/ \* x' Z. Z3 g, x6 R5 y3 G4 ~; \! S$ K
R25#$ z2 o# i( L m( y
Routing Protocol is "rip"8 q9 `7 K+ N( J$ D
Outgoing update filter list for all interfaces is not set% P2 l' ~2 A8 O8 [0 i, U
Incoming update filter list for all interfaces is not set6 n+ ?5 `+ u: t# G. \) ]7 r3 V
Sending updates every 30 seconds, next due in 14 seconds4 w5 y9 I6 n' k) O3 m
Invalid after 180 seconds, hold down 180, flushed after 240
# K) `3 `/ H$ |$ C$ k. }3 P6 Y) c Redistributing: eigrp 200, rip6 z1 F/ ^; b6 j
Default version control: send version 1, receive version 1$ `* K, x2 M7 [& V6 p9 ~
Interface Send Recv Triggered RIP Key-chain
5 f; p( c: e# J% Q- P Serial1/0 1 1
$ k, m) m6 ~! Z; W( w( }' v& w. _ Serial1/1 1 1
: }- H6 K- q' g# k4 u5 a* H( R Automatic network summarization is not in effect
7 B1 @+ F3 U! D: d Maximum path: 4, L2 `* T" v4 }6 [# @7 I
Routing for Networks:
( Q9 g% S& D2 p1 X* z 172.16.0.0" e7 \ C2 c" y- ~9 k% v. p) b3 u* m
Routing Information Sources:9 `5 q, |$ o% ]; c' a; {0 Z
Gateway Distance Last Update
' I( c5 c/ a8 K7 v Distance: (default is 120)
1 @/ P- Z% w* sR25#& J+ T: B+ b0 d5 E
//R25和R29发送和接收的版本不一致。
% U) p7 U* ^/ w/ }( f! l( Q# WR25#show run | be r r6 `6 J5 E' U/ d6 l) X* h% Z' e
router rip
/ c0 o7 e! O% O: j" }6 I# L version 16 Q4 `( y' m7 ]. a1 L# y
redistribute eigrp 200 metric 2( O0 O4 @( C7 j1 \3 B% l+ E
network 172.16.0.0
! f6 t, g6 M8 ?) P' [9 Z8 E: F5 ]. p6 A no auto-summary
' H4 s& Z6 T+ B$ BR25(config)#router rip
2 }6 v) ]4 C+ g3 g6 i) v3 D7 o) k6 L" {R25(config-router)#ver 2
* J, _- W* t0 r8 W$ jR25(config-router)#+ Q) p. k# d% f, M% l" M
R29#clear ip route * //加快刷新路由表速度。
% F e4 Q( f) Z% l7 S# \R29#show ip route
/ {/ `7 [4 Q9 }, n% e) E! l7 I 172.16.0.0/16 is variably subnetted, 6 subnets, 2 masks
# n* }2 s2 G8 w$ |# UR 172.16.10.16/29 [120/2] via 172.16.9.1, 00:00:01, Serial1/08 r" H i$ t' X) d/ n
R 172.16.10.24/29 [120/2] via 172.16.9.1, 00:00:01, Serial1/0' T' F! m& K5 F
C 172.16.9.1/32 is directly connected, Serial1/0
; ]3 G+ Z$ d7 ]* v5 Q+ AC 172.16.9.0/29 is directly connected, Serial1/0: Q2 Z; k {8 c
R 172.16.10.8/29 [120/2] via 172.16.9.1, 00:00:01, Serial1/0
# X7 |, o+ J. C6 R2 e; BR 172.16.10.72/29 [120/1] via 172.16.9.1, 00:00:01, Serial1/0; j. N/ Z+ y- ?7 E7 u- O
192.168.20.0/32 is subnetted, 1 subnets. b3 A6 G( ^4 V( q
C 192.168.20.1 is directly connected, Loopback1
& O8 N( D4 y9 I6 g2 V. I" `6 m 10.0.0.0/8 is variably subnetted, 3 subnets, 2 masks
& E# ? p3 V' XR 10.0.0.0/8 [120/2] via 172.16.9.1, 00:00:01, Serial1/0
9 H0 K1 v* X- ER 10.1.1.25/32 [120/2] via 172.16.9.1, 00:00:01, Serial1/0, } P7 m" s4 k9 P3 N3 B$ z. {
C 10.1.1.29/32 is directly connected, Loopback0
& j) x: n0 Q& ?8 A; ^R29#
- c' O) R2 P$ \/ O( p y//R29目前只能ping 到R21的EIGRP端。! _+ U0 {$ s5 W7 i
检查R21的重发布问题,为什么EIGRP收不到来自OSPF的路由。
- X) E. k7 ]5 [" A. ~) ~! ?R21#ping 10.1.1.10 //R10的Loopback口7 x' L, h; j7 n( Y1 ]
Type escape sequence to abort.) O& Z- M$ E+ D$ h2 R% m# v" E, \
Sending 5, 100-byte ICMP Echos to 10.1.1.10, timeout is 2 seconds:
% S3 o- Q# _' m+ o( {!!!!!$ B/ ^9 o+ s" Y! r0 L1 ]
Success rate is 100 percent (5/5), round-trip min/avg/max = 52/67/80 ms3 n6 l& j+ L/ E6 P" J
R21#ping 172.16.14.17 //R10的物理端口
" n3 _7 _ ?4 ~; ]% y- c6 x( BType escape sequence to abort.
& N7 U; B$ a; Q( N5 ASending 5, 100-byte ICMP Echos to 172.16.14.17, timeout is 2 seconds:
' Y) W1 L; x' k# D* S. L!!!!!0 b4 M; `5 `# S% H Z
R21#show run | b r e
7 ?- x: y, E! y# r- h- O& Frouter eigrp 200
% `6 |+ Q2 ~- `( w redistribute ospf 1
. t/ w5 A) K0 s8 ] network 172.16.10.22 0.0.0.0
% k' Y" M1 G% |: j2 t network 172.16.10.26 0.0.0.0
$ S6 i% _0 X+ s* a! P7 n5 M no auto-summary
6 d$ w* _: j; F# h!1 }0 E. G, K0 S
router ospf 1
+ g2 l9 k/ i' L6 w7 \ log-adjacency-changes f2 S* Q8 \# z/ W8 x' ^1 K
area 1 nssa
! ]9 x* X4 ^7 D. s& g redistribute eigrp 200 subnets
/ R/ D$ K& V8 s+ g1 b network 10.1.1.21 0.0.0.0 area 16 C+ [1 J- f# W( [
network 172.16.13.30 0.0.0.0 area 1
- g* G- e4 `# Y* Q4 E) R6 [& `R21(config)#router eigrp 200# [6 n2 g. E, D( }* e: {4 q! u# ^
R21(config-router)#redistribute ospf 1 metric 10000 100 255 1 1500
5 D4 U a3 s3 |8 CR29#show ip route' N) P! k% l4 q' ]
172.16.0.0/16 is variably subnetted, 14 subnets, 2 masks! F: p# R V( K+ P0 | h6 Q/ w
R 172.16.14.32/29 [120/2] via 172.16.9.1, 00:00:00, Serial1/0
' Z# _% ]7 R( _; \# m* r. d5 W! ?R 172.16.14.40/29 [120/2] via 172.16.9.1, 00:00:00, Serial1/01 N9 `; U% K! C. v5 s! I
R 172.16.14.16/29 [120/2] via 172.16.9.1, 00:00:00, Serial1/07 Y4 P+ t. e% b0 l3 \% C* G2 L
R 172.16.10.16/29 [120/2] via 172.16.9.1, 00:00:00, Serial1/0, i3 l% W* W# f l# R- Z9 F
R 172.16.13.24/29 [120/2] via 172.16.9.1, 00:00:00, Serial1/0
, j; M4 p6 w; a8 A$ j$ hR 172.16.14.24/29 [120/2] via 172.16.9.1, 00:00:00, Serial1/0
1 U! T( R- a# l+ d8 q9 MR 172.16.10.24/29 [120/2] via 172.16.9.1, 00:00:00, Serial1/0 a5 V! w4 A. L$ U; B' d6 V9 J9 v
R 172.16.13.0/29 [120/2] via 172.16.9.1, 00:00:00, Serial1/0
$ l4 q% y$ T& nR 172.16.14.0/29 [120/2] via 172.16.9.1, 00:00:00, Serial1/0) E4 u/ }1 P" O. @1 c( ]9 f; W3 H+ B
C 172.16.9.1/32 is directly connected, Serial1/0( w; R4 ~; T0 G/ y
C 172.16.9.0/29 is directly connected, Serial1/01 C, `3 q( k/ ^* c- `& j, m( U" X
R 172.16.14.8/29 [120/2] via 172.16.9.1, 00:00:00, Serial1/0/ v2 Z* i ?/ P8 Q7 G3 D$ c6 Z. V+ J$ _( l
R 172.16.10.8/29 [120/2] via 172.16.9.1, 00:00:01, Serial1/0: H- O3 Y5 `' v7 e+ e* O
R 172.16.10.72/29 [120/1] via 172.16.9.1, 00:00:01, Serial1/0
3 {2 _3 S/ y! I9 T 192.168.20.0/32 is subnetted, 1 subnets2 ?! ?) }# w, x+ A+ w, H
C 192.168.20.1 is directly connected, Loopback15 v' `" S& l2 D( B" w
10.0.0.0/8 is variably subnetted, 3 subnets, 2 masks9 s- ?" c! s+ A$ Z; ?0 i; |
R 10.0.0.0/8 [120/2] via 172.16.9.1, 00:00:01, Serial1/0; J7 ~' `' T0 f( S+ ]
R 10.1.1.25/32 [120/2] via 172.16.9.1, 00:00:01, Serial1/0# u* {! M# a+ W4 D
C 10.1.1.29/32 is directly connected, Loopback0) O! I) C/ F2 } D. _
R29#ping 172.16.14.17) r# X; D# @2 g+ O: y2 H% B
Type escape sequence to abort.
2 }/ y6 i5 B- g' p* KSending 5, 100-byte ICMP Echos to 172.16.14.17, timeout is 2 seconds:) H# d& A g9 I0 \' b8 L; q
!!!!!) A9 Y+ T+ _( o' v
Success rate is 100 percent (5/5), round-trip min/avg/max = 64/95/160 ms* R) C5 Q/ V- J- L. `/ [
R29#ping 10.1.1.10
! N: q P0 ^. m8 @Type escape sequence to abort.* Q! h9 n( Q* m; R! ?! U2 j
Sending 5, 100-byte ICMP Echos to 10.1.1.10, timeout is 2 seconds:! {6 {& B) {0 }+ w
!!!!!! {* m; z0 J, n! r1 M
Success rate is 100 percent (5/5), round-trip min/avg/max = 64/108/148 ms7 T: @8 O1 N8 B7 v
R29#1 b8 k4 Q8 A* [) d8 h) l
7.R24 forward to FTP server 10.1.1.10 should come true bidirectional load balance.4 ]: A! o' ? N6 q
R24#show ip route: {0 B8 D' v9 L; ]
D EX 10.1.1.10/32 [170/332800] via 172.16.10.11, 00:07:18, Ethernet0/0
' o* D0 _* f9 _' x [170/332800] via 172.16.10.10, 00:07:18, Ethernet0/05 g% y1 J: |/ M
R21#show ip route
M: M D+ c- |6 nD 172.16.10.8/29 [90/307200] via 172.16.10.27, 00:02:06, Ethernet1/0
! w8 [( Z; C$ I ]8 E [90/307200] via 172.16.10.21, 00:02:06, Ethernet2/0
: i. s: B i' R7 |//R21和R24的双向负载均衡。解决方法就是第六题的solution1
2 `7 Q( L0 X0 D% p8.R3 is IP multicast server, R13 should ping R3 multicast address success.
! H" X2 U( T0 _! B) l D, R+ A//既然已经知道R3是multicast server,那么这题思路步骤要按照IP multicast的路径一个一个往下游检查。
* B! U0 [2 D3 b0 B) R3 w 如果不知道,就从目标一个一个往上游检查,直到检查到multicast server。
$ q1 {6 J; b/ |/ n7 j multicast的主要命令有:
- Y K! H' g& m" t4 s c/ n ip multicast-routing 激活多播路由,为了防止路由黑洞' b8 S7 G E6 ~7 K- y2 L4 b4 z
ip pim [sparse | dense | sparse-dense] mode 启用模式7 q4 W4 N0 P4 z0 d
ip pim autorp listener 组播监听$ S7 ~0 H$ X* \6 ?- w6 A4 u- L
这些命令都是基本的,必不可少的命令。应该在所有路由器上都可以找到
& l/ U' h/ r9 M2 |; B0 zR3#show run | in ip pim
) ^# y4 t0 t0 d) X, Rip pim send-rp-announce Loopback0 scope 1 group-list 1: _, _9 v+ |. X+ n- \- c
ip pim send-rp-discovery scope 1
# F3 g* d) Y2 D, L9 E9 t. h; aR3#" A& j3 b7 b; z# N7 w
//pim 跳数限制成1跳,改成16跳。并且查看group-list 1。, V& n q$ B/ s3 H' ]9 B
R3(config)#ip pim send-rp-announce loopback0 scope 16 group-list 10 U [- ]. A8 L w) V6 O4 {5 V
R3(config)#ip pim send-rp-discovery loopback0 scope 16" I8 |5 K2 i7 t) T) u( Q& v
R3#show access-list) s1 X6 c9 T( Q4 t c$ }
Standard IP access list 1
! o" \( X1 I- a4 w. ~/ S9 p 10 permit 224.1.1.2
& K3 J% n* F% ^( {% E4 q" FR3(config)#no access-list 1
+ [) N) t0 R9 ER3(config)#access-list 1 permit 224.1.1.1" R, e/ L6 O# W0 J1 _
R3(config)#
! r/ X8 {# ^5 I& {//题目要求挂的组是224.1.1.1 所以改回来。
: @/ f) }+ s( P: Z) Z9 QR3(config)#do show ip pim rp map3 y5 d" L; [1 X4 t, n
PIM Group-to-RP Mappings% [+ M, T) V5 Z1 c8 y
This system is an RP (Auto-RP)
! ?3 W$ }& ]7 X" B: y* \9 sThis system is an RP-mapping agent
$ G, v, N: `: f. R! D" hGroup(s) 224.1.1.1/32# Q" O3 o% Q: T5 M' S
RP 10.1.1.3 (?), v2v1
2 Q* ^( W6 S4 k X Info source: 10.1.1.3 (?), elected via Auto-RP
9 u O B9 c2 S1 z Uptime: 00:00:45, expires: 00:02:12+ _- J2 ]* _7 e+ ~# y
R3(config)#do show run int lo0. \6 j f' V. P( }( O) ?5 F
interface Loopback09 y" e. @5 n' E W5 a
ip address 10.1.1.3 255.255.255.255' Z& r! j+ a0 O2 V0 l8 Y0 ^ P
ip pim sparse-mode- Z) V) h/ r+ f! L* }2 y
end# y) w _- z& q, r( S. z" S. d
R3(config)#
- [/ C7 U; s, k. L7 n7 l2 @//Loopback0应该加入组,做映射代理。/ g4 V$ K9 c8 M4 l
R3(config)#int Loopback0, V% `0 Q- E5 q: x+ m5 P* v/ @
R3(config-if)#ip igmp join-group 224.1.1.1$ c4 v2 H9 O D
//从上面的show ip pim rp mapping可以得知:自动RP$ d3 C6 U4 |, k2 p
所以所有路由器都应该启用autorp listener6 U/ B+ U6 V: h/ l& G
这些就是multicast server的基本配置,接下来往下游逐一检查。1 a. B% T1 Q) R/ k
R5#show run | in ip pim& m7 \- h: u5 j9 R; W: P
ip pim sparse-mode
8 g# ^3 v" O) q4 u8 W1 Y ip pim sparse-mode/ ?' x! Q& S; P% h# m
ip pim sparse-mode
3 v0 ]8 u6 k3 K! J. f2 OR5#show run | in inter* ^3 K( e3 k u' z6 ~. p
interface Loopback0
5 t6 J2 {7 c2 h/ yinterface Ethernet0/0
Q: m0 s6 S1 qinterface Ethernet1/0
1 L; F- W3 `8 N. r6 x, \R5(config)#ip pim autorp listener4 N' h- I5 K. {# h$ C9 ?# v
R5(config)#do show ip pim rp map' O. p5 Y/ ]% j1 t, Z9 q) \+ z
PIM Group-to-RP Mappings
* d$ Q2 u' D1 ~; EGroup(s) 224.1.1.1/329 H4 D3 M2 L7 |- p: n; x% A
RP 10.1.1.3 (?), v2v1
( b k" F5 X- i' I, }* c Info source: 10.1.1.3 (?), elected via Auto-RP% r/ ~# `5 R& y' W' F
Uptime: 00:33:36, expires: 00:02:09# u( W' ^. x+ M. h
R5(config)#do ping 224.1.1.1
8 C" @( I: s) A% u; H$ JType escape sequence to abort.
6 \2 @; a$ X7 ^Sending 1, 100-byte ICMP Echos to 224.1.1.1, timeout is 2 seconds:
) }# @2 l9 R" d* z6 KReply to request 0 from 172.16.15.9, 28 ms
- V0 C! [4 D' }$ k6 R8 L$ W2 ~R5(config)#& G8 Z4 K- [- Z0 o
//R5学习到了映射表,查看R9是否能从R5上学习到。
) z$ W6 `8 T9 fR9#show run | in ip pim
& d3 S- M U0 |5 E: P; l; F! l ip pim sparse-mode
9 |: ^* v8 A7 R5 u% q9 V ip pim sparse-dense-mode
" R' t/ L; }% p: k6 a ip pim sparse-dense-mode
' J+ O% q& R5 V* t6 ? ip pim sparse-dense-mode
& d+ h$ g: y0 J- }0 u! F) ~, e ip pim sparse-mode V3 h; o& E/ v. l5 W2 `$ Q
R9#show run | in inter
6 O- W, H8 p J9 u0 z: Minterface Loopback0
/ J% h' z$ t$ l, }3 Pinterface Ethernet0/05 a1 F! `5 g6 J9 m2 s# k
interface Ethernet1/0
# M( a% d/ _ M9 b/ o/ K7 U+ u) m' v, xinterface Ethernet2/0; b E. c) [2 d5 G/ }. U
interface Ethernet3/0
Z0 l4 Z8 \8 A7 F2 P& Y" r: D9 L; qR9#
4 z1 r* B0 ^ Q0 E1 ^2 X0 j2 ]//把sparse-dense-mode改成sparse-mode,模式必须一直。3 x1 y( W8 k# {1 D9 t. X- A* Z: F
R9#show run int e0/0 C" K0 }0 k& O. t
interface Ethernet0/0/ ~8 V" D h& s
ip address 172.16.14.1 255.255.255.248
0 K s; l( a1 c& N4 I ip pim sparse-dense-mode
; g: `% h) U0 ~ ip ospf authentication message-digest
9 z2 L0 @! S. _/ R' ^ ip ospf message-digest-key 1 md5 cisco8 K7 I, N3 m! f, L3 B
ip igmp access-group 104 B! g! Y" K! i, s7 j* O) U+ A
half-duplex" Z) @; [: e- x6 Y
end9 q$ M, O8 p. Q" K' p
R9(config)#int e0/0, x- U! l* ]# P5 `/ P
R9(config-if)#ip pim spar6 V/ Y# b3 N+ d6 [
R9(config-if)#int e1/0& x3 `. L, o8 o# f0 b
R9(config-if)#ip pim spar7 Y7 [( T L/ K2 n4 F: b) I6 [& r
R9(config-if)#int e2/09 e' u# \* }6 P9 S. l" S$ n
R9(config-if)#ip pim spar
7 @( @+ T; D; _ O4 ?7 m8 a S* E1 [R9(config-if)#do show run | in ip pim
5 b8 V+ g$ y6 w6 M ip pim sparse-mode. `# @- Y& s" q1 R$ G
ip pim sparse-mode. }& K. s- e; U. O5 P% e. G9 }) l" L
ip pim sparse-mode2 D" P J8 u) v1 Y& z/ y
ip pim sparse-mode; i- W5 A$ ^; M9 S: q7 t
ip pim sparse-mode, ]3 \% K+ S! q' U# w
R9(config-if)#
. T _4 X3 z% Z//修改完模式后,是否有留意到端口上有个IGMP访问列表?
0 @& D6 B \7 y: v2 { 把访问列表修改成放行,因为访问列表最后默认有一个deny any,所以会阻止下游路由器访问。
6 Y$ @' ?7 ~7 i* P* g' X5 O& MR9#show access-list
7 Z7 F; j* i" m$ A2 m u( W3 iStandard IP access list 10( r- N* r9 |7 o; r7 [
10 deny 10.1.1.3
$ ~) M% g- V3 x! U; O1 Z9 m4 d- ^R9#conf t
) j6 ^/ v$ ?4 ~/ B) h; H6 ]R9(config)#no access-list 10
2 ^4 x0 L2 Q2 w$ ]R9(config)#access-list 10 permit any) \& k5 G( M9 ~) O5 V7 @* R# ~
R9(config)#6 j! M% J; {6 H8 Y( b+ d) S
R9(config)#do show access-list
0 \1 S" U2 T* R L% q/ n1 w3 c7 B KStandard IP access list 10
d: j1 O. _6 S9 g 10 permit any
$ [! x# ~! n% A% x3 Q; mR9(config)#( ^/ k1 G4 X2 ]& U$ M
//完成后查看mapping
/ ^1 u/ q% C0 k- N2 UR9(config-if)#do show ip pim rp map
* d2 L: q, \. j+ LPIM Group-to-RP Mappings1 [; a: \9 c+ R/ M% r" h Z
Group(s) 224.1.1.1/32
- C9 [- w5 O* o2 `: T* r7 O( D RP 10.1.1.3 (?), v2v1
$ B7 M& E& f, u' P7 q Info source: 10.1.1.3 (?), elected via Auto-RP6 F- F! F) L: R4 Q2 ^ Q# z
Uptime: 00:03:29, expires: 00:02:28
- |8 `. j/ m6 x4 ^4 BR9(config)#do ping 224.1.1.1* d4 R5 @3 X6 X& W( v
Type escape sequence to abort.
: ^0 m/ I/ \2 S7 n! P) ISending 1, 100-byte ICMP Echos to 224.1.1.1, timeout is 2 seconds:4 a g Z& a, ?7 k3 q
Reply to request 0 from 172.16.15.9, 80 ms
: O1 e* L0 f% c. I: D6 \2 @R9(config)#6 a1 ?( L! B1 d+ ?1 G, K
R9(config)#ip pim autorp listener //记得把这句敲上% z, X' x" E3 z4 @
) O9 B0 Y Q9 ~ T, R3 Y" y8 uR11#show run | in ip pim
( G+ p2 }5 @+ E1 O0 y' ^. f5 x4 B. xR11# //什么都没有,也就是R11没有启用任何组播。
* R! E' \: O4 M' l! a7 JR11(config)#ip multicast-routing* u# S; h0 c: y/ Z1 f3 u8 E
R11#show run | in int
, L- ^, T- I, Y M Ainterface Loopback0
& T9 t, A- G: r5 g* v1 \: _/ `interface Ethernet0/00 \+ F" q+ j& a4 g+ a
interface Ethernet1/0' l7 s4 ^0 k& J8 l- _- B* R5 C' {/ ], O
interface Ethernet2/0
# e! w' r M9 l. H" K0 k/ k% dR11#) j( k$ w6 y: t0 t! h& F3 n
//在所有的接口上启用. V2 T4 R% w- f: ~
- {0 o6 \) T% r2 `+ B+ [0 f# B1 v
R11(config)#int lo0
8 N7 {' t+ Q2 Z# s" ?- I$ lR11(config-if)#ip pim spar: p6 C5 ]* i6 N% s
R11(config)#int e0/0
/ E, U0 h- k' lR11(config-if)#ip pim spar
) X+ H- R6 M1 e: n! l" ^1 S) SR11(config-if)#int e1/0' f- m! t% Q3 a& N9 K6 T! s
R11(config-if)#ip pim spar
: s7 Y. `' T9 Q/ z' q. w0 h* jR11(config-if)#int e2/0
' N* u. R4 r+ D: ]R11(config-if)#ip pim spar
. a. X( X1 a7 u; E/ h*Mar 1 01:00:13.527: %PIM-5-DRCHG: DR change from neighbor 0.0.0.0 to 172.16.14.18 on interface Ethernet0/0
$ [: j* z. L/ `$ a/ l3 E*Mar 1 01:00:15.283: %PIM-5-NBRCHG: neighbor 172.16.14.33 UP on interface Ethernet1/0$ I2 _% H* ]: Z% R
*Mar 1 01:00:17.215: %PIM-5-DRCHG: DR change from neighbor 0.0.0.0 to 172.16.14.34 on interface Ethernet1/0
& t$ U" @* l$ Y8 u# P*Mar 1 01:00:19.479: %PIM-5-NBRCHG: neighbor 172.16.14.42 UP on interface Ethernet2/0
) Y, F7 Y" G7 S% b0 l1 L/ L*Mar 1 01:00:19.515: %PIM-5-DRCHG: DR change from neighbor 0.0.0.0 to 172.16.14.42 on interface Ethernet2/0
6 q1 r6 V) K$ O9 R*Mar 1 00:59:10.463: %PIM-5-DRCHG: DR change from neighbor 0.0.0.0 to 10.1.1.11 on interface Loopback08 h. y8 w/ \1 O8 h3 k9 l7 h2 i
R11(config)#ip pim autorp listener
1 U& F* O) p' F) Q0 L" K, RR11(config)#do show ip pim rp map
* b: C. x Q& P, f/ j) H$ nPIM Group-to-RP Mappings" N9 M* R/ g6 _: U" W3 S* B# P
Group(s) 224.1.1.1/32
1 P( }/ C( m' j! a RP 10.1.1.3 (?), v2v1. L w6 ^: Z4 k' N3 H
Info source: 10.1.1.3 (?), elected via Auto-RP
1 K8 D- a3 ~" R5 N1 n& X5 A Uptime: 00:00:32, expires: 00:02:26
, _- {5 V$ x' X. NR11(config)#do ping 224.1.1.1
# o# T6 [# Z1 c: ?Type escape sequence to abort.
, b. M4 Q' V5 Q dSending 1, 100-byte ICMP Echos to 224.1.1.1, timeout is 2 seconds:% j: U' W0 O! D' H$ x0 ?! c7 [
Reply to request 0 from 172.16.15.9, 152 ms6 z' e1 {# c1 V8 V+ M/ @4 c5 m7 G* F
Reply to request 0 from 172.16.15.9, 152 ms' I1 R9 F7 |& I9 G7 G: A( ?
R11(config)#
7 p/ n) B: p! O( r) s$ ~//此时R11已经学习到下一跳为R3的组播信息。
2 G! y* f5 X2 T2 \6 YR13(config)#ip pim autorp listener
! u! L) x3 `/ DR13(config-if)#do show ip pim rp map
7 w3 i# a d9 y2 Y: rPIM Group-to-RP Mappings
* x$ b! w' n: d) C2 tGroup(s) 224.1.1.1/32, [) H% \2 J: O- h
RP 10.1.1.3 (?), v2v1. v1 |5 i' }: }9 k
Info source: 10.1.1.3 (?), elected via Auto-RP# n* ~5 J; B' i
Uptime: 00:01:25, expires: 00:02:332 n+ l: _% S+ R# S( M
R13(config-if)#do ping 224.1.1.1
# d; N/ K b" s4 a% sType escape sequence to abort.
* b' T+ o R3 `% GSending 1, 100-byte ICMP Echos to 224.1.1.1, timeout is 2 seconds:! G) H4 }4 R( p( L
Reply to request 0 from 172.16.15.9, 112 ms
, S8 f# c8 z9 t+ I" y* HReply to request 0 from 172.16.15.9, 200 ms8 }" v U" z( i5 Q5 J* b
R13(config-if)#! D- Y0 d/ c# `
9.R13 just use loopback Send trap to NMS 10.1.1.4 when R13 s0/0 down.# ?) I* [# W- M, C4 S# y* I
R13的s0/0上有no snmp-server trap link-state! w5 P* U: |) W& ?! v
改成:snmp-server trap link-state
9 [6 @+ O1 P5 {$ X/ k6 C/ w% kR13#show snmp
1 Z) O+ h p0 ySNMP logging: enabled
1 o' s$ K% s, }4 R: z( B Logging to 10.1.1.4.162, 0/10, 15 sent, 0 dropped.# f. I; Q( }3 p$ C! A+ \% Y7 t
R13#show run | in snmp
; I( V+ N7 y* L( S& x4 ^% h6 W4 isnmp-server community cisco RO2 ~/ g5 i8 ?7 Z: {" o5 Q
snmp-server trap link ietf: R0 t4 U0 v1 M: P& H7 m2 ~
snmp-server trap-timeout 100
. H8 E3 ?. B, m4 `: K. p4 x/ ~snmp-server enable traps snmp linkdown linkup
4 f. \( N9 P0 V( a6 rsnmp-server host 10.1.1.4 cisco snmp //如果没有这个命令,debug就无法出信息4 D1 S) n2 \+ z9 f. g* `% g5 g
R13## k* S' H B" A+ S0 @. x
R13(config-if)#do show run int s0/0: i8 B; I% O0 O; H6 g# c. X
interface Serial0/0! j$ B' u9 h& |; R- F, U
no snmp trap link-status % p1 j( I7 c' P
end
, \& k7 i6 m$ ^" u! I$ RR13(config-if)#snmp trap link-status
5 T" K" m4 n. R; Q) {R13(config)#snmp-server trap-source loopback 0
. Q0 V2 H; v0 b, a; k+ OR13(config-if)#do show snmp: j- ]' m+ |# L% N8 ^
SNMP logging: enabled) s1 i* t& z+ \ I
Logging to 10.1.1.4.162, 0/10, 17 sent, 0 dropped.
3 @) h9 A, }( ]//debug snmp packets,开启这个命令后,然后把端口shutdown也可以看到效果。
; ~/ q0 s$ G- y, j# P' r8 S…………" h% p: b5 ~5 ?
ifIndex.5 = 5 7 d, {' h+ y: p3 B) }9 P/ Y
ifAdminStatus.5 = 2
" x& Y- V& j0 a* t5 ? ifOperStatus.5 = 2
/ }: P; [1 l& H6 L% ~: P. [ ifDescr.5 = Serial1/0 ; y: Y% X6 Y @3 d( C9 i6 Y7 A- E
ifType.5 = 32 7 x# X' f$ i( U9 _& @0 M
lifEntry.20.5 = administratively down 1 Z' K' v S) e5 c0 j
//最后记得把端口重新打开( O- m$ w3 C, J8 X; b
10.The question with R13 & R5 roll tunnel.: y- a1 D- X: m" f# U6 `! i
*Mar 1 01:54:26.675: %TUN-5-RECURDOWN: Tunnel0 temporarily disabled due to recursive routing- S- }! S. U7 v! J* o0 g/ d y
*Mar 1 01:54:27.675: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel0, changed state to down. ~7 I A' s' {5 @: B% M( J
R5#show ip route
1 u/ ?2 ]1 \6 Q; D% E7 Z7 [) lO 10.1.1.13 [110/31] via 172.16.14.1, 00:00:22, Ethernet1/0) B; V I1 n, h: z0 [" _
R5#show ip route0 m6 R5 h7 F5 E0 r. ?7 p4 I
S 10.1.1.13 [1/0] via 135.0.0.13- F; Z( o7 B/ U7 N% l- h
//Tunnel翻滚,在UP的情况下,R5和R13是通过静态路由连接。
; _4 [% Y9 c# J. r, m8 [ 在DOWN的情况下,R5和R13是通过OSPF连接。
- M: i! L9 P8 e0 \% {7 j! I1 @6 B" v5 R$ K* E( ~6 ~" Q
R5(config)#do show ip int br- N, L' ^5 a' U+ K* p$ j* @ r S0 G
Interface IP-Address OK? Method Status Protocol6 s4 h; b% F* L* t" ]
Loopback0 10.1.1.5 YES NVRAM up up 0 p* K3 s3 O8 H s% k3 {; @) d
Tunnel0 135.0.0.5 YES NVRAM up down' E& P2 ]& a6 A' W
R5(config)#do show run int Tunnel0
: W t1 d7 D3 ^& m# H1 L# w- zinterface Tunnel07 b- G0 B) G. s0 Z
ip address 135.0.0.5 255.255.255.07 y1 f9 ~8 y) F; {
tunnel source Loopback0
- w/ E% |4 k0 D0 s tunnel destination 10.1.1.13$ e6 p1 p& k: w( M. @; f
end
6 n# I% e7 n. z2 zR5(config)#
4 d* G( |( u3 M# j6 o0 h% @R13#show ip int br ~) T" k( a* X1 ?* ?, c, @
Interface IP-Address OK? Method Status Protocol
! N- c+ c0 W; A% z. j3 H: OLoopback0 10.1.1.13 YES NVRAM up up 0 z2 D( J/ k" b5 P1 p7 m
Tunnel0 135.0.0.13 YES NVRAM up down
( P: {. i* {1 s h' h% h9 Q( ]% AR13#show run int Tunnel0
. i+ k3 m% ?) q: v( ^) b1 E4 ^/ U2 Minterface Tunnel0
. r0 f& W% T/ W& S' t* B% C0 _4 n ip address 135.0.0.13 255.255.255.0( j+ o/ D( X* k/ b
tunnel source 10.1.1.130 d! z7 n& s) V0 Q- s2 }" P
tunnel destination 10.1.1.5
2 l4 D$ ?; c* Y- L; S$ z- Qend8 V* t, E! O* G
R13#
) B+ Y, W0 t' T//方法一:直接把静态路由去掉,R13和R5的路由信息会通过OSPF来发送。* c5 z+ c+ x: Y( Y2 F, q, r5 t# N
R13#show run | in ip route" J2 ]+ ?- A1 o0 B) J
ip route 10.1.1.5 255.255.255.255 135.0.0.5
. m5 V( Z: \; N# t+ r1 N; `R13(config)#no ip route 10.1.1.5 255.255.255.255 135.0.0.58 O, G4 U; e+ S% g! k1 c) j$ \
R5(config)#do show run | in ip route
0 E( K7 k: z. u( @ip route 10.1.1.13 255.255.255.255 135.0.0.13+ @% G( H- w* r2 h
R5(config)#no ip route 10.1.1.13 255.255.255.255 135.0.0.13
6 W; ~8 R% n K3 f( M: y" CR13(config-if)#do show ip route
0 ?6 ~; H4 W% ]2 JO IA 10.1.1.5 [110/31] via 172.16.14.41, 00:01:35, Ethernet1/0* J9 q3 p P0 c: _: O$ o5 f! l
135.0.0.0/24 is subnetted, 1 subnets) o) _7 ?. @. a9 L6 E' u7 W
C 135.0.0.0 is directly connected, Tunnel0: a9 X# n) C( e' t
R5(config-if)#do show ip route
9 q0 R" m; G/ {O 10.1.1.13 [110/31] via 172.16.14.1, 00:01:38, Ethernet1/0
9 h3 R9 G$ M X) a( [ 135.0.0.0/24 is subnetted, 1 subnets D3 x8 T V6 E' H3 D$ u' w
C 135.0.0.0 is directly connected, Tunnel0
; V+ m3 m9 ]( ?
8 m2 O* B h5 W1 `8 v! |8 ]//方法二:把静态路由的下一跳改成下一跳物理接口,R13和R5的信息会通过静态路由发送。
' v' k+ t( s! J5 w; zR5(config)#do show run | in ip route
2 L, K: t. o0 _/ o m C. Pip route 10.1.1.13 255.255.255.255 135.0.0.132 ~, H7 k o3 R; ?% z
R5(config)#no ip route 10.1.1.13 255.255.255.255 135.0.0.13
9 H9 V7 w2 g: v0 a6 [' r6 M' RR5(config)# ip route 10.1.1.13 255.255.255.255 172.16.14.1) c3 g g! \; f8 ^. K( T% Z
*Mar 1 00:05:36.603: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel0, changed state to up( e( I i* C. x5 K( e6 C
% v. Y- S# P& ^2 Z
R13(config)#no ip route 10.1.1.5 255.255.255.255 135.0.0.5
% N3 _! j* ^( z2 h _R13(config)#no ip route 10.1.1.5 255.255.255.255 172.16.14.41" R& J/ \+ Y) y! q* [9 _
*Mar 1 00:05:46.439: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel0, changed state to up" Q' d1 v' j% A* ]5 o8 z7 I
R13(config)# ip route 10.1.1.5 255.255.255.255 172.16.14.41
4 R; n8 _1 a" KR15(config)#do show ip route
6 X4 V3 r' q2 b) \# KS 10.1.1.13 [1/0] via 172.16.14.1
1 t, |; t" X( V 135.0.0.0/24 is subnetted, 1 subnets
4 p8 s; h/ } e# ~6 wC 135.0.0.0 is directly connected, Tunnel0
; M* k& j$ V( J! `R13(config)#do show ip route
G' R( @6 j' I) w" TS 10.1.1.5 [1/0] via 172.16.14.419 w0 q* ]7 v/ H9 ~) Y' p; l: j
135.0.0.0/24 is subnetted, 1 subnets; X, n2 v9 \8 v
C 135.0.0.0 is directly connected, Tunnel0
; u" ]: `1 s" {//战报说如果该下一跳物理接口,则需要在R5上重发布静态路由。+ X4 e$ y& _! b$ _8 S \7 o
但是我不知道为什么我做不出这个问题。
7 i, [% e& d0 N! B& N, W7 O 考试的时候看题目需求来做,如果题目明确说明不能去掉静态路由,则不要删除。 C6 C2 S8 m& }! C6 [( Q
- \, V6 K' M+ ?8 E; B4 E0 q3 d
/ o+ U- e& h" S4 h2 ]0 S3 J! Z6 `+ N3 W% A: Z& L
8 A% g) a: _4 O2 V5 n- [$ e
0 ]+ z. w1 r! W, P# G1 n
4 c1 J6 C' H/ p; I, D
$ K6 K. a; X; H$ f- ?/ b: r6 T4 `+ z/ j: C" N
; _: V7 y3 d1 C |
评分
-
查看全部评分
|
简体中文
英语
日语
韩语
法语
西班牙语
越南语
泰语
阿拉伯语
俄语
葡萄牙语
德语
意大利语
希腊语
荷兰语
波兰语
保加利亚语
爱沙尼亚语
丹麦语
芬兰语
捷克语
罗马尼亚语
斯洛文尼亚语
瑞典语
匈牙利语
繁体中文
文言文
发表于 2011-8-25 11:52:19
置顶卡
喧嚣卡
变色卡
千斤顶
成长值: 63235
发表于 2011-8-25 14:06:43
