- 积分
- 0
- 鸿鹄币
- 个
- 好评度
- 点
- 精华
- 最后登录
- 1970-1-1
- 阅读权限
- 0
- 听众
- 收听
游客
|
太多的朋友关注我了,我本来不想写战报了,因为前面的战报内容已经和考试内容基本一致了,没有太大的改变,除了TS的考试点要注意。下面我来说说我的情况吧!- N* O4 U5 `: D8 W
字数有点多,但是我已经减了无数字了,希望大家都能全部看完,因为这会让你在接下来的考试得到一个明确的解决办法。
1 r2 @, C$ k( m9 q1 {
6 |3 p5 K! [( ^; y5 g2 P,我正常去HK考试,发现人都到的很早哦,7点45分就有4个人了。人齐后,其中4个路由交换(1个新加波),1个语音,1个安全(印度人)。% v) q8 E7 W6 F6 B8 S9 b
开考后,除了32号机架的是TS2,其他全部人都是TS1。而我就是坐38号机架的位置上。0 f* ? u! [; _! x3 k7 E( M
填完个人信息后开始考试,但是一开始就发现了一个平时不常发现的问题。就是设备号和配置不匹配。具体怎么说呢?好比TS1的帧中继部分是R22---FR—R23,我打开R22,显示的hostname是R22但是里面的端口却是R23的端口,然后打开R23,竟然里面全部是R22的内容。那就出现了部分信息重叠和混搭了。因为考试的时候不主张问考官,而且还是一开始就问,这样会显得没有配错能力。所以我就开启设备管理器,去重启所有路由器设备,然后重新加载设备。在长达20分钟的重启和加载,问题还是没能得到解决。在万般无奈之下,我举手找考官,Bruce来了后也开始发现了我的这个问题,他的操作是从第一台设备重启到最后一台设备,逐个按钮按(这是最郁闷的…),然后全部重启后,再从第一个设备重新加载到最后一个设备,(这个更加郁闷…心都快憋死了)但是依然也没能解决这个问题。Bruce告诉我先别动设备,他就回去自己的座位帮我弄,过了大约5分钟,Bruce又来了我这,又 把上面的步骤重复了一次(心都快吐血了),在这次完成后,发现设备号终于和配置对上号了。在确定基本没有问题后,Bruce说我是在开考20分钟后举手,而他是花了我20分钟来解决这个问题,所以他提出还我20分钟。我谢过Bruce,开始了这趟TS旅程。
0 a9 m2 {, m2 b3 N 正式开始后,第一题就是FR,可是我在FR设备看到的所有端口都是管理DOWN的,并且怎么看都不像是有配置的那种。不知道是不是设备还没弄好,我就又开始重启设备。希望能恢复有配置的设备。在过了3分钟左右,设备好像加载了配置,但是我在R22和R23上面去补充完命令后,show fram map 看到的却是一片空白,并不是inactive 或者 deleted。这个时候说不紧张是骗你的。我看看时间,一分一秒的过去,我还没开始正式参与到考试中,那个感觉就像坐云霄飞车,冲到天空的时候你被抛了出去一样。那是一种绝望的感觉。
$ u0 c; i7 A7 Q( o* Q) I 因为不能因为一条题目而影响整个TS的进度,我毅然决定跳过。1 D, ^( J+ ^+ H2 l% E
第二题是交换的题目,问题和战报说的大体一致,也是那么个情况,可是就算我怎么努力的去弄,但是都还是无法让R14学到正确的路由信息,或者可以说R14上只有直连路由的信息。
+ x7 P! e. w: E1 Y2 H 因为不能因为一条题目而影响整个TS的进度,我毅然决定又跳过。. a0 t* D' Y1 Q0 f+ O4 `
去到MPLSBGP的地方,这个点和战报说的一样,是要解决所以PE需要看到其他的PE有两个RR,但是TR点却并不是我们平时战报说的那样简单。我把所有可能出现的问题都看过了,都弄了一遍,都无法解决。7 F! @! C& Y2 i p% F( I8 \8 p& w) |
因为不能因为一条题目而影响整个TS的进度,我毅然决定又跳过….好了后面大家都应该可以知道了,我这份TS都不知道跳过了多少题。9 X! O4 ^% D+ Y. c8 I
, l& v* v, ]* c r' e7 x
在考试的2个小时里面,我花了30分钟解决设备问题。然后有个最主要的问题是38号机架的速度非常非常慢,慢到什么情况呢,开一个R19,我想show run | b ip dhcp 要等上接近足足2分钟时间(放心,绝对足金足两)。所以在所有设备上的SHOW命令的等待时间,就可以用去我30分钟以上的时间,这个时间是绝对的。如果配置多,这个30分钟可能还是很保守的。# o9 M, m) ]" }' l& y, P
所以最终我只有不到1个小时的时间来排除这些问题。! N8 b" z; B3 I+ y7 ^
这里有个绝对建议,希望各位接纳:
5 Q5 w/ ^& u" b$ \% m( X8 d9 R) \在平时,各位要保证能在40分钟内解决完所有的TS内容,并且可以保证每次的show命令都是准确到位,绝对不能出现show错,或者看些并不能正确解决问题的show命令,因为那个延迟会让你丧失所有的斗志。; z6 G$ b' ` v) e$ T/ i
对TS的错误点要有100%的准确。你一定要记住这个地方考的是什么,能立竿见影!% C: w: X1 E' { K- R
你要清楚明白这个考点可能涵盖的其他所有信息。1 u1 u* b2 B7 m, n
比如MPLS,你要知道mpls-label这个命令的作用,并且知道交流LDP的Loopback号和显示show ip bgp的Loopback号不同的情况下怎么弄。3 t7 |' M& J& w
最后在设备的延迟,在能力不足的情况下,结果以杯具告终。
3 t& Z: L9 H8 q9 j# o+ e 好了,我想,或许也是一个时段的结束吧,而这个杯具的人是:小一。
. }- ~1 ~# {4 @- g2 m% j3 F3 s7 h1 Y/ o; P) C+ d( m7 X6 f
我没有什么东西能送给大家,这些是我准备的TS步骤解决方案,本来不打算公开的。但是现在还是发上来给大家做个参考吧,这些解决方案只是针对部分TS的部分错误,并不代表全部内容。
7 n$ h! ^8 N+ c+ U! L4 | x3 p) j这里有个小小的请求:看了这个解决方案的朋友就自己保留好了,不要转发,虽然不是什么奇珍异宝,但是也是我的个人心血。如果谁需要就叫他们自己去下载战报吧!不下载的就不要发这个信息给他们了。谢谢各位对我的理解和支持。
- ]! d5 g) I6 _2 e) J6 R6 q" s
% a5 I6 t" C3 }6 }
* r' r. Z |( g$ g" M( c9 y2 e2 U
; u! N' {& x. y$ p2 w g4 O J q
_, h0 ~0 a# f5 j3 I8 i- g) q
8 O9 q7 z) r! q* R- y. N& X I
# b3 [# i5 d _# j' N7 }. y" O5 U1 q/ R4 h8 a5 }& Z( X
. w" l) Y- h1 d4 r
- ~. q- j9 N1 F7 @# F
c& K% v) U6 w, D3 ]2 {+ ?9 K8 e* h7 u. Y) j5 o
* q; @, b8 I7 x- I
TS1+ t' ]& b* c, w) p- j$ d
这里的题目均是参照排错题目和部分战报制作而成。- h8 J( ~+ O3 { U% \
如需要获得更多详细的信息,请参考以下两份战报。# n$ x6 y$ G1 F* }& _' s
1.20110211 成都互联神州 超详细 新TS1++ K2 HK Francisco Fail$ n2 D7 y% x/ S$ S8 z Z
2.TS1总结(完全冲刺版)
4 i& f/ G0 a; a) i& \# ?此步骤和解释均是个人见解,如有任何理解上的错误或是解释上的错误,请忽略。
' S4 L: _: S0 E/ O2 X% x; ?7 N1.R16 can NOT ping R19 loopback0, The flow should redundancy with both. Can NOT use static route.) ~# ?( q+ R' `- _; w* q9 d
R16#show ip route* L: S, o; z- q( J! b' }, x
172.14.0.0/16 is variably subnetted, 2 subnets, 2 masks
& e+ c/ ]# G3 ^0 w7 _D 172.14.0.0/16 is a summary, 00:13:03, Null0
' t! X0 F8 X5 Z M" d& OC 172.14.12.8/29 is directly connected, Ethernet1/0
! h2 b" p0 L. W9 m( l 10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
2 J# [1 x _* D! f$ B S0 l% W, H, dD 10.0.0.0/8 is a summary, 00:13:01, Null0
1 d; g2 K! u% _) mC 10.1.1.16/32 is directly connected, Loopback0
( y# I* G+ w" ~6 G- l2 ^R16#9 [7 z% A) t; ?5 Q! X$ Y3 h$ j# c
//先验证,看不到有R19的loopback口地址,并且所有的EIGRP地址都是汇总地址。
9 b; i7 N! W: g/ G3 T//这里可以发现,R16从R17和R18处收到的EIGRP路由是汇总路由(auto-summary)
: ] D6 r9 d1 f" G# I0 q0 r! M1 }+ TR16#show ip pro) c* w, \7 S9 x5 G7 \7 Y
Routing Protocol is "eigrp 200"; @8 H3 D+ C4 V( W& O' Z; l( \- p
R16#show run | be r eigrp 200$ k) _9 | L. `6 q% D* ~
router eigrp 200
+ I ^5 w! U! a7 }9 u network 10.1.1.16 0.0.0.0
& r9 T) v. H' p network 172.14.12.0 0.0.0.35 n; ~% z! g: ^; o5 d: w/ \7 a
network 172.14.12.8 0.0.0.7e
' e! g$ ]+ e7 B7 B4 ` auto-summary4 B, m- g# i# h8 K' T
R16#conf t
& M' g2 C2 ^7 J: g( r1 M0 X- mR16(config)#router eigrp 200
, k0 }& A q$ A, Q" pR16(config-router)#no auto-summary3 b1 o* Q0 L+ Z
R16(config-router)#. {' @" c4 E% `0 {" d5 _
Mar 1 00:16:29.647: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 200: Neighbor 172.14.12.11 (Ethernet1/0) is resync: summary configured
% o2 n6 G9 h' K( O7 V; kMar 1 00:16:29.647: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 200: Neighbor 172.14.12.10 (Ethernet1/0) is resync: summary configured! k3 o- F( f3 {- x' F5 P
R17#show run | be r eigrp 200" A& m/ c' Q0 `7 T/ B3 `6 t& X
router eigrp 200, I3 s& t; i, G, R
network 10.1.1.17 0.0.0.0" B$ p- p0 D) V' n8 f
network 172.14.12.8 0.0.0.7# y7 Q% ^: g$ V2 V; [0 @' C
network 172.14.12.16 0.0.0.76 T8 ^; d2 f2 A# z
auto-summary
8 R# T+ d9 f7 ZR17(config)#router eigrp 200
, y0 g! Q! F8 W P8 z0 ?8 q) ]* a+ lR17(config-router)#no auto-summary
6 g" L/ M3 u8 C1 R1 s8 T3 M: S! sR17(config-router)#6 v/ _+ Q/ d% E0 [, J: a7 s4 S
*Mar 1 00:17:23.725: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 200: Neighbor 172.14.12.12 (Ethernet0/0) is resync: summary configured
. i+ e _# b6 @*Mar 1 00:17:23.725: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 200: Neighbor 172.14.12.11 (Ethernet0/0) is resync: summary configured
' n8 K2 [* N2 _4 ` ^R18#show run | b r eigrp 200( }1 V' X' k2 {2 h0 z
router eigrp 2009 V; M& U3 w( Q
network 10.1.1.18 0.0.0.0
! C @% r6 L0 D$ n( `8 S network 172.14.12.8 0.0.0.77 a* R% f: ]; }1 v1 e% O7 Y
network 172.14.12.16 0.0.0.7
# @% _6 N, [3 G. z: C auto-summary$ |3 a. e/ z4 O- H" K4 S' D+ k' E
R18(config)#router eigrp 200
( g% h& o/ g8 n# {R18(config-router)#no auto-summary. r1 z+ m& n7 c. Q
R18(config-router)#
+ i; e5 P5 L- I9 m$ S' j*Mar 1 00:18:39.347: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 200: Neighbor 172.14.12.12 (Ethernet0/0) is resync: summary configured/ }% D$ K$ v) |5 z' x( p
*Mar 1 00:18:39.351: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 200: Neighbor 172.14.12.10 (Ethernet0/0) is resync: summary configured
3 L5 r' o: ~; v# P0 d3 K& jR16#show ip route i& m3 n5 ?( d5 g1 n
172.14.0.0/29 is subnetted, 1 subnets
8 i4 h) w" \5 y! }2 h- r" mC 172.14.12.8 is directly connected, Ethernet1/0+ g5 D3 U+ r" p* O- Y/ Q
10.0.0.0/32 is subnetted, 3 subnets
* n5 b _6 [3 hD 10.1.1.18 [90/409600] via 172.14.12.11, 00:31:45, Ethernet1/09 P0 y9 S `5 n! H* \
C 10.1.1.16 is directly connected, Loopback0, S v* i% v S( V t
D 10.1.1.17 [90/409600] via 172.14.12.10, 00:33:00, Ethernet1/0! x$ ?: E/ }# {
R16#
2 P! _1 R2 X/ X7 }2 u//这个时候,R16可以收到R17和R18发过来的明确路由了,但是依然没有R19的物理接口路由和Loopback口路由。* P- y" T" Z9 u, S4 r
//去R17和R18上看看有没有R19的直连路由。/ H8 v$ F' j# J! l/ A
R17#show ip route2 Q" F# m8 C; L# y7 g! O# ?& f
172.14.0.0/29 is subnetted, 1 subnets
4 c" l" u; @' r/ BC 172.14.12.8 is directly connected, Ethernet0/0
3 ^* ?- ~2 {9 }. Y- ^/ f) L 10.0.0.0/32 is subnetted, 3 subnets: ^; O$ u- F( H
D 10.1.1.18 [90/409600] via 172.14.12.11, 00:32:38, Ethernet0/0+ L6 E. p4 e$ d8 `
D 10.1.1.16 [90/409600] via 172.14.12.12, 00:01:47, Ethernet0/0
# P) @% R8 r7 Q& D* vC 10.1.1.17 is directly connected, Loopback0
$ u" [% c1 |1 Y; `' P1 F% C//R17也没有R19的直连路由,查看接口地址是否UP。0 a& s* F0 d$ N% P- w2 `
R17#show ip int br
, h/ Q4 G0 k% V1 `Interface IP-Address OK? Method Status Protocol( [' T7 ^ K7 z- g6 f' c( r+ z& o) f
Ethernet0/0 172.14.12.10 YES NVRAM up up
7 _7 z) f7 @0 H6 C( o1 m& E0 b cEthernet0/1 unassigned YES DHCP up up
/ _8 m) ]+ Q$ ]3 g8 T$ D$ b6 F6 oEthernet0/2 unassigned YES NVRAM administratively down down( L. p9 T2 Y5 l+ ]
Ethernet0/3 unassigned YES NVRAM administratively down down5 P* u$ x$ t, P$ m
Loopback0 10.1.1.17 YES NVRAM up up
$ h5 s, K) l2 d: yR17#
- Z- p6 E; w! E9 K% Q//发现R17连R19的E0/1是通过R19的DHCP分配的,因此去检查R19的配置。5 Y- _+ \! T& O8 I
R19#show ip dhcp pool: n9 s8 C/ v9 m' e" a2 ~5 t
Pool dhcp :& Y' R: `( n3 _$ K8 \% w) K; T8 u
Utilization mark (high/low) : 100 / 0) K3 X+ F& ~0 E9 B$ v* [
Subnet size (first/next) : 0 / 0! d- ]7 O9 ] N6 h
Total addresses : 6& z, `# y/ ^4 }' _9 f
Leased addresses : 0
! T( W/ O% j3 v7 G0 @# z9 H6 U Pending event : none
! W" H7 A2 m6 s7 z% x4 Q5 Y7 K 1 subnet is currently in the pool :- b4 g9 f2 n2 ]
Current index IP address range Leased addresses9 p- }( i7 X% c% ~+ w6 v: e
172.14.12.17 172.14.12.17 - 172.14.12.22 09 h* r: o. K: E" `) K
R19#9 x: \# a1 N8 ?1 c2 Q
//R19的DHCP地址池中一共有6个地址,被使用的是0个。地址池的范围是: 172.14.12.17 - 172.14.12.22
# `6 s# }- L v, O2 b//检查R19的物理端口。- @5 Z |( z) b
R19#show run int e0/0$ A! _6 I. r$ P B
interface Ethernet0/0
* o$ K" O2 r3 T: e1 S. ~2 T, L ip address 172.14.12.19 255.255.255.248$ l# q5 x8 @0 {) v, p$ e
ip authentication mode eigrp 200 md5
6 y9 V- X( t& v1 g! O# G$ f ip authentication key-chain eigrp 200 eigrp# ~( {) ^6 l. `. I! p
half-duplex
) @' ]( m' X/ s" z/ {& Y0 J$ \end
& |! X6 M/ ]: H& I: P1 k//地址掩码匹配正确。255.255.255.248 是/29位地址,每八位递增一个子网地址,那么172.14.12.0的下一个子网地址如下:
9 v0 d. x3 ^7 W8 B E# [5 n//子网地址为:172.14.12.16
, ?- u5 a. P( @8 P//广播地址为:172.14.12.23; O. _8 R2 s# k' U7 Z) F
//可使用主机范围:172.14.12.17-172.14.12.22
' O2 R; m8 }. h+ @& D//检查是否有命令把DHCP给block掉了。- v3 @& ^5 u1 K" s
R19#show policy-map1 F) x! O' |, O0 k
Policy Map xx7 ^3 }" g* r) k' f' [/ ^' @
Class xx
8 Y* R% B4 j" T4 z3 V* V3 `5 h drop. s# c$ Y) r5 `
R19#show class-map xx: F+ f, |/ s5 e. s3 C7 P; @' p
Class Map match-all xx (id 1)
7 ]) Q: S. W3 w0 h3 e Match access-group 100$ [8 K9 w6 P5 T# s" ^) B
R19#show access-lists
& Y" k' Q. \" d+ Z0 H& l: pStandard IP access list 19 r. g; D/ Z E6 H( a: q! A/ C: I+ E- u
10 permit 172.14.12.0, wildcard bits 0.0.0.255/ s) f: _# |+ L: e/ @
Extended IP access list 1004 c- y1 _6 C4 g0 u3 a/ Z8 p
10 permit ip any any (52 matches)
% f& ?( K/ q+ r, C6 K% Q. b- {: A, o 20 deny udp any any
, o' h8 i$ }3 p/ T2 v# A' FR19## d& a$ Y9 {; I# ~8 [; R" w6 q( p( e/ ~
//可以发现,R19通过policy-map把IP包的数据流给drop掉了。3 L+ V# k) L2 d4 o
R19(config)#policy-map xx5 @* j' M2 W- f3 v+ [% m% r; }
R19(config-pmap)#class xx
; { C9 T( s+ F8 }1 fR19(config-pmap-c)#no drop) R1 T0 ], e" ]$ l+ Q
R19(config-pmap-c)#
! J8 D& N& |) g4 ]6 j*Mar 1 00:07:09.851: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 200: Neighbor 172.14.12.17 (Ethernet0/0) is up: new adjacency
6 {- I' {6 _' L) \*Mar 1 00:07:10.195: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 200: Neighbor 172.14.12.18 (Ethernet0/0) is up: new adjacency
' P* E. X5 n9 M ^/ O//同一时间查看R17的弹出信息和R18的弹出信息+ ]( X) |6 _/ S$ K+ t
R17(config)#$ r/ y l Y9 ? K% H3 i
*Mar 1 00:07:10.207: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 200: Neighbor 172.14.12.19 (Ethernet0/1) is up: new adjacency
4 S* u) @" F3 _*Mar 1 00:07:10.523: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 200: Neighbor 172.14.12.18 (Ethernet0/1) is up: new adjacency
0 n9 W. d6 x0 {2 |9 z*Mar 1 00:07:10.959: %DHCP-6-ADDRESS_ASSIGN: Interface Ethernet0/1 assigned DHCP address 172.14.12.17, mask 255.255.255.248, hostname R17 `0 x# O0 }( r$ V) _4 k* G
R18(config)#( y: f" l' P; J' H& N* Z
*Mar 1 00:07:10.795: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 200: Neighbor 172.14.12.17 (Ethernet0/1) is up: new adjacency) m' a1 A3 \& d+ V. _4 h8 _
*Mar 1 00:07:10.807: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 200: Neighbor 172.14.12.19 (Ethernet0/1) is up: new adjacency7 t8 V2 H" A' b4 V3 J4 U0 j
*Mar 1 00:07:11.887: %DHCP-6-ADDRESS_ASSIGN: Interface Ethernet0/1 assigned DHCP address 172.14.12.18, mask 255.255.255.248, hostname R18* D# I2 w9 T& f4 ?
//这时,R17和R18已经获得了R19的DHCP 服务器分配的IP地址。- ?- D- ^3 D3 o( k+ P. R. V' O
R17#show ip int br
( l6 Q' Z- }7 b$ u& v, Q! p; WInterface IP-Address OK? Method Status Protocol: p& G& F) v6 y* T9 i- \
Ethernet0/1 172.14.12.17 YES DHCP up up
* X6 X! P, K* NR19(config-pmap-c)#do show ip route
' y) v$ }8 ~" l 192.168.14.0/30 is subnetted, 1 subnets
. I# e' m; x% {9 S" `2 dC 192.168.14.0 is directly connected, Ethernet0/1
1 s! f! I: t6 u5 ]2 y 172.14.0.0/29 is subnetted, 2 subnets! J" f* R, Z* P' a
D 172.14.12.8 [90/307200] via 172.14.12.18, 00:03:00, Ethernet0/0
6 ~. g4 E5 O8 P- e8 s& D" o [90/307200] via 172.14.12.17, 00:03:00, Ethernet0/0$ `/ c5 Z% H3 f/ T) h/ B
C 172.14.12.16 is directly connected, Ethernet0/0
4 E/ h9 y) f$ U: e+ P 10.0.0.0/32 is subnetted, 4 subnets
6 C! |+ w# P: K [- m" |D 10.1.1.18 [90/409600] via 172.14.12.18, 00:03:00, Ethernet0/0
4 C- N9 i" N5 U( SC 10.1.1.19 is directly connected, Loopback01 D4 U a, G. d0 @/ F
D 10.1.1.16 [90/435200] via 172.14.12.18, 00:03:00, Ethernet0/0
7 J. @2 y. k; @; V6 K' v$ P [90/435200] via 172.14.12.17, 00:03:00, Ethernet0/0- h" f! B. d" u. H' n, V
D 10.1.1.17 [90/409600] via 172.14.12.17, 00:03:00, Ethernet0/0
6 o8 @( r1 d0 Y E//R19和R16,分别有了负载均衡到对方的路由,并且可以Ping通。
3 Q3 N! C: W, ?! f* h* VR19#ping 10.1.1.16+ s+ Y; f5 h/ Y- a. b1 \7 `
Type escape sequence to abort.
6 b3 m% E5 b& J! { ]6 KSending 5, 100-byte ICMP Echos to 10.1.1.16, timeout is 2 seconds:" A$ ~5 s4 ~9 H/ W
!!!!!
. m3 c# l! N- B0 }; {( p7 SSuccess rate is 100 percent (5/5), round-trip min/avg/max = 96/109/136 ms) [7 \7 Q& z5 C$ [0 v& k5 L |' y
R19#9 L+ b j& T$ T
R16#ping 10.1.1.19
5 W0 i0 y+ m) jType escape sequence to abort.
" W( H9 ~5 O. a. [6 bSending 5, 100-byte ICMP Echos to 10.1.1.19, timeout is 2 seconds:& ?/ d3 i( e( }4 p' S; n
!!!!!2 y3 f3 @* ^: C& z7 U& V! {
Success rate is 100 percent (5/5), round-trip min/avg/max = 92/120/148 ms
: a% F$ c1 T" P, L' @R16#
8 D& h2 R( _' Q" T! }2.R15 and R16 can NOT established EIGRP.# o" y F3 e5 v( `0 ~
R16#show ip int br
. m: v9 I4 i2 v6 LInterface IP-Address OK? Method Status Protocol
T5 [; C- t" y- g$ {: _# ]Serial0/0 172.14.12.1 YES NVRAM up down+ a, a% Z1 f2 `$ q9 w& J
//首先在R16上确认情况是否属实' `. K9 R& D; D, }- Z% P& G
R15#show ip int br! S) E& w# @, J
Interface IP-Address OK? Method Status Protocol
, `; ]. T& q0 v$ A5 C! ySerial1/0 1.1.10.2 YES NVRAM up down
% e9 s8 K! G4 b) L7 Y) ySerial1/1 172.14.12.2 YES NVRAM administratively down down
% P1 b, X: S$ ` m HR15(config)#int s1/1
* N% [' R* k& u& c, f8 LR15(config-if)#no shut
+ P* \& @* B3 l0 X0 e! o. |R15(config-if)#0 U. l# U& l3 n9 C' c& l4 b
*Mar 1 00:03:25.943: %LINK-3-UPDOWN: Interface Serial1/1, changed state to up
. q6 X: G$ O3 R1 J$ \( P9 D+ {6 w//通过这条提示,我们可以知道,物理链路UP,但是没有收到协议UP的消息。
- l5 p$ L7 Y$ P9 p0 f*Mar 1 00:04:41.319: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1/1, changed state to up
+ S+ T( S: n6 W) Q; c*Mar 1 00:04:42.435: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1/1, changed state to down+ r3 |# j3 i) k7 Z+ `, N
//出现协议UP DOWN的情况,多半是认证不通过,此时应检查端口情况。
0 ]6 ` E5 @0 P9 ^% dR16#show run int s0/0% n3 ]1 o; t# @0 X3 ]: r
interface Serial0/0
3 t+ O& l, T; t2 u ip address 172.14.12.1 255.255.255.252
( R& q: ~& K7 Y4 | encapsulation ppp# |8 R8 M6 @9 w4 o% U" g2 Z2 Q
serial restart-delay 0
. d6 r/ t* ^ [8 Q5 N( F2 V( y3 x1 s ppp authentication chap% J0 }- J1 c4 S( r$ s. B
ppp chap hostname ccie
( U N) J* z9 O9 x# ?1 X0 lend: _* X5 r: ^" k
R16#show run | in user, [* R0 B- K! p. A
username R15 password 0 cisco# Y2 ]9 ^6 a, T, ~! }9 W
//这里可以发现R16开启了PPP认证。
! z; y1 |% o! Q& N! }//通过这句话:ppp chap hostname ccie可以知道R16也是被认证端(也就是双向认证)。
6 \* i4 \6 m( J5 A, b2 w" \R15#show run int s1/1
8 `/ C; e1 k: qinterface Serial1/1
8 m. u; C/ B% ^8 b ip address 172.14.12.2 255.255.255.252
* b, y) q( x( p9 X/ ] encapsulation ppp
7 w3 H& `9 n& }6 y# L5 i! `$ u0 B serial restart-delay 0: Z r+ C9 p& q
clock rate 2520003 z5 L4 L4 I) f6 h& h& n0 r$ A5 \
ppp authentication chap# e& Y9 ?" m! i
ppp chap hostname cisco, j" |) b. X# b
end4 e# T9 c: \0 b- D, l
R15#show run | in user
+ E! R \, ?6 t5 L" husername R16 password 0 cisco
" j7 A. R* ?! u/ m0 i" X//通过以上信息,可以发现R16和R15双向认证不匹配。
7 t5 o; [6 e" j& L" y$ X& d! g6 A! C这里我们做以下整理:
# t# ]; {7 s' d5 T: O8 aR16:- K, F1 B/ g* Z7 j+ Y6 l* h$ x
username R15 password 0 cisco //这里的信息要和R15匹配
; z9 Y8 H2 f8 Z //username R15 是对应对方的hostname
9 R1 V2 N i8 p# N( x //password 要双方一样
# t: J+ z4 s% @& M* AR15:
, O9 Y; L6 o; l0 L* K8 D/ m1 Z4 z. @! Tusername R16 password 0 cisco //这里的信息要和R16匹配
4 ?5 Q4 o; U5 p! \ p" A" A1 g //username R16 是对应对方的hostname
5 S0 N# f/ L1 n8 | //password 要双方一样; a p# `& ]; B- t* ^" V: Y' i( n7 ?5 T
R16 int s0/0:
' ]3 U9 n, ~+ v- P4 N ppp chap hostname R16 //R15定义对方的username' S$ E% |* p$ |5 B0 O% u/ ?
ppp chap password 0 cisco //R15定义对方的password$ l. U/ k' r% f3 s W' d1 y- A
R15 int s1/1:
/ ^: ]0 ]+ N8 K- H ppp chap hostname R15 //R16定义对方的username
5 {6 U4 s- ^8 ~! ]( w& L( ~ ppp chap password 0 cisco //R16定义对方的password r$ U# z+ {8 b8 i, U
R16(config-if)# `. n9 |% b9 ^+ m6 P* w* F/ b
Mar 1 00:29:08.831: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0, changed state to up
e! w( p) e3 x. X8 qMar 1 00:29:09.067: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 200: Neighbor 172.14.12.2 (Serial0/0) is up: new adjacency9 o- z" x Y2 C( \+ X
R15(config-if)#
( k) J: q; o5 R! j" Z1 U* n9 h9 P. j*Mar 1 00:16:01.907: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1/1, changed state to up
3 G5 f; r- M4 I: r2 H*Mar 1 00:16:02.519: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 200: Neighbor 172.14.12.1 (Serial1/1) is up: new adjacency
& }8 Z) T5 n' Z+ z% A+ u8 m+ _//修改完成后,出现以上字样,代表协商成功,邻居建立。
2 {2 F2 u+ d# H//此时再查看EIGRP邻居。( x2 G: |- \6 p) A- a8 a( m
R16#show ip eigrp neighbor5 d' N- A! q* ?3 D8 [7 L. [3 G
IP-EIGRP neighbors for process 200
2 Y3 h n _ Z' X9 c7 ]H Address Interface Hold Uptime SRTT RTO Q Seq+ j& m; k; h K' W4 b( c0 q
(sec) (ms) Cnt Num) `* X8 O9 v1 k: p0 ^0 _
2 172.14.12.2 Se0/0 11 00:02:53 148 1332 0 3# ] O& R R+ X r( h
R16#
8 f& z! l2 ~& s3.CE R15 Loopback0 and CE R7 Loopback0 , there are can NOT ping each other’s.& [- F" N* a% {! H- m; x
(Four PE route require display another three PE loopback in show ip bgp.): s& \- Z% g3 `& j) A4 U) w2 U) y! @
解决这题就应该有一个良好的步骤和习惯:(参考TS1总结-完全冲刺版)
. g: Z0 B; v$ C! M5 @1.首先解决直连路由问题; e$ U0 W" n9 ~7 M% i
2.解决IGP问题; y1 B/ o6 X9 s4 c5 W/ v
3.解决BGP问题
! F, O; w+ C! i9 |4.解决MPLS问题
0 u( W# E# }; Y% g+ v
( }; D6 N0 Z5 I首先查看R15和R3是否成功建立了EIGRP邻居,是否能收到EIGRP和VRF过来的路由。( S% {3 a6 }% ?( X: ?
R15#show ip eigrp nei
! X+ S5 w6 @! y& dIP-EIGRP neighbors for process 200
$ T% Q7 U0 R6 t8 N8 c$ JH Address Interface Hold Uptime SRTT RTO Q Seq
! q4 k- h$ }% H' H# @3 N: t0 _ (sec) (ms) Cnt Num }& Y! ^; a+ d* O- k, q, w/ c8 `6 @
0 172.14.12.1 Se1/1 14 00:13:02 60 540 0 28
# K( y' R4 I0 R6 L& \' M2 QR15#
. p5 A6 i5 i8 O6 @ }; x3 E//这里可以明确看到,R15这个EIGRP的邻居是刚刚建立的R16的EIGRP邻居信息。8 T" I7 }/ h& w) O, ?$ x: k
//这就说明R15还没有和R3建立起EIGRP邻居关系。
1 t5 Q. H: i' fR15#show run | b r e
/ m8 e( M) w& F/ Prouter eigrp 200
0 z3 r" t. y' W8 M. L" h. C network 1.1.10.0 0.0.0.3
9 @% B- R- a0 k/ f6 f9 ~ network 10.1.1.15 0.0.0.0
$ R" Y* b; r" I2 i3 H: B network 171.1.1.1 0.0.0.0
! C. y, q; I: {4 U6 H* Y ]$ w network 172.14.12.0 0.0.0.38 i9 L( i* M: u! Z. m6 v
no auto-summary
; Q( {5 T e( w+ t3 V, H//R15已经把自己接口和Loopback地址宣告了出去。 K; ~+ }( @+ {
R3#show run | b r e
. G4 L& ^1 |$ e8 hrouter eigrp 1
) a8 Q) H8 i- h no auto-summary
7 t6 S6 }, o' J" r: m !
# F7 D1 A6 D. F address-family ipv4 vrf site-b
+ `2 M+ h! m/ ^, E+ B! f redistribute bgp 3 metric 100000 100 255 1 1500
) w* p, p" G; Y% t! L. j network 1.1.10.0 0.0.0.31 }; b9 J/ H: m
no auto-summary6 N- J+ S, p. \" B. h
exit-address-family: B0 @5 u* T; f8 \& Z$ v. r
//R3也已经把自己的直连端口宣告了出去。3 o+ ~" _. M. R0 `
//R3和R15应该是通过EIGRP200来建立邻居关系,而当R3建立了VRF后,R3的路由表应该要转移到VRF自己的路由表中。
, T: N1 a+ A& _: h//所以我们应该要在VRF下建立一个EIGRP200的自制系统和R15进行协商。
& D H. E" e( C( `R3(config)#router eigrp 1
) D/ p6 m1 l2 P% B R9 HR3(config-router)#address-family ipv4 vrf site-b5 l8 z- S$ s; k+ _+ U# s5 M+ U: N! q* L
R3(config-router-af)#autonomous-system 200
\( K& O7 S1 e/ X+ BR3(config-router-af)#
1 H, @* |* A! ~' F4 v*Mar 1 00:10:44.199: %DUAL-5-NBRCHANGE: IP-EIGRP(1) 200: Neighbor 1.1.10.2 (Serial1/0) is up: new adjacency
) V @. w/ y! _! o a8 W' RR3#show ip eigrp vrf site-b nei
) j) Q1 R8 ]4 g$ R9 D* l' |: d2 ZIP-EIGRP neighbors for process 200
" d# o2 p* R6 _, U! k! s- mH Address Interface Hold Uptime SRTT RTO Q Seq" V6 T: J2 j; r* T7 z- S
(sec) (ms) Cnt Num
( F. f5 A4 J& I% Z, L4 ?- [0 1.1.10.2 Se1/0 13 00:00:52 217 1302 0 11* r6 f- w: C+ t/ |$ U& ?0 x, f9 a; V
R3#. o2 [. I4 v* O: ]' Z
//这时,我们来查看R3的EIGRP VRF的邻居时,就可以发现R15的邻居信息。
2 n! l$ h% J! K" M! |4 F# c B8 ]R15#show ip eigrp nei
* O! B' ]2 W5 {' M9 I i: L* ~IP-EIGRP neighbors for process 200& o0 S3 B1 \5 w& f9 R( K# u p
H Address Interface Hold Uptime SRTT RTO Q Seq
/ N# |: T6 {7 ]; N (sec) (ms) Cnt Num
$ ? R. r/ D5 L% |3 C1 e: o1 1.1.10.1 Se1/0 12 00:01:43 511 3066 0 4
+ O. }) G) t2 R! l4 q! ~4 z0 172.14.12.1 Se1/1 10 00:22:53 60 810 0 29: o, `3 M$ r* u$ m& p
R15#
0 }. p$ }0 ^) M M' J//与此同时R15也能正确的和R3建立起了EIGRP邻居关系。
( o7 h' z1 B5 |! i7 vR3#show ip route
. ~2 |2 F" C" z6 V$ l7 s 172.14.0.0/30 is subnetted, 8 subnets8 M, X7 S3 v2 |. j& y
C 172.14.8.32 is directly connected, Ethernet0/0
& q- i8 X4 O; ` oO 172.14.8.8 [110/20] via 172.14.8.5, 00:01:06, Ethernet0/2
+ G/ a! U( x3 i" aO 172.14.8.12 [110/20] via 172.14.8.5, 00:01:06, Ethernet0/2
1 ]1 m; F5 [ |, t% D# i1 Q. oC 172.14.8.4 is directly connected, Ethernet0/2/ [1 l0 C. b+ t. H, w9 w( h
O 172.14.8.24 [110/20] via 172.14.8.33, 00:01:06, Ethernet0/0# R5 Q1 Y9 @. U# M3 m
O 172.14.8.28 [110/20] via 172.14.8.33, 00:01:06, Ethernet0/0$ x; j! ]9 e0 ^- @! G7 w0 v
O 172.14.8.16 [110/20] via 172.14.8.5, 00:01:06, Ethernet0/25 D$ q* ~( L2 ]1 d" W. P5 D! p
O 172.14.8.20 [110/20] via 172.14.8.33, 00:01:06, Ethernet0/0
: o- o: L1 X4 m! e, N 10.0.0.0/32 is subnetted, 6 subnets
- E/ z2 f% n! T; oO 10.1.1.2 [110/11] via 172.14.8.33, 00:01:06, Ethernet0/0
& @: u0 @0 t; `5 T3 t/ qC 10.1.1.3 is directly connected, Loopback0
1 ^( Y C" H! B, O7 A- ^O 10.1.1.1 [110/11] via 172.14.8.5, 00:01:06, Ethernet0/2# x8 z5 `8 O6 `0 ]' ?% n8 ~
O 10.1.1.6 [110/21] via 172.14.8.33, 00:01:07, Ethernet0/0
" B7 |. I% y3 {; h9 i! L [110/21] via 172.14.8.5, 00:01:07, Ethernet0/2& }: m& A/ w0 `- z5 B2 f# ~# I/ b
O 10.1.1.4 [110/21] via 172.14.8.33, 00:01:07, Ethernet0/06 P2 K, t. y; Y' K% ~# y
[110/21] via 172.14.8.5, 00:01:07, Ethernet0/2
9 ~, r) y/ ^9 a0 J ?/ q vO 10.1.1.5 [110/21] via 172.14.8.33, 00:01:07, Ethernet0/0% g2 o2 [5 A* H; }5 [4 k
[110/21] via 172.14.8.5, 00:01:07, Ethernet0/2/ g3 C+ ?1 f, l5 c
//从这里可以了解到R3通过OSPF已经学到了各台P和PE设备的RID。
; w; v: r9 g! o9 ]' lR3#show ip bgp1 x0 m) t( @& n+ J/ ^ b
BGP table version is 10, local router ID is 10.1.1.3
) c% l8 k% r8 S Network Next Hop Metric LocPrf Weight Path
" S) K: r2 e* [ r$ \r>i10.1.1.1/32 10.1.1.1 0 100 0 i
' \( d3 w4 @- S6 wr>i10.1.1.2/32 10.1.1.2 0 100 0 i' ^# b3 |& a3 b& j: F3 E, T! [
*> 10.1.1.3/32 0.0.0.0 0 32768 i
$ c( B/ X. g( K5 `r>i10.1.1.5/32 10.1.1.5 0 100 0 i, h' W y8 A# y3 ]; V& v
r>i10.1.1.6/32 10.1.1.6 0 100 0 i
; t- b1 s$ i& P9 f. X: tR3#. ]. O* u$ _+ I1 {
//从IPv4BGP表中可以发现R3没有去往R4的BGP路由。5 H5 `1 D; [. R: k- V
//现在这个题目是要解决从CER15去往CER7的路由要通。所以R4的问题稍后解决。
9 x% g0 ?4 S, O3 `R3#show ip bgp summ
0 N I7 p3 `8 D+ e$ P- {Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
8 W' C, |. F, U6 Z9 j: Q o10.1.1.1 4 3 26 10 10 0 0 00:06:07 1
" E) q+ j+ w$ d% j4 v) P10.1.1.2 4 3 28 9 10 0 0 00:05:53 3) e2 Z6 d9 a' P4 P6 M5 F, m
R3#show ip bgp vpnv4 all summ+ S! ]2 y- N; r* V) T
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
2 Q/ P j2 D6 {8 D! U10.1.1.1 4 3 26 10 24 0 0 00:06:32 11
$ ?5 }9 M4 j* }& Q9 I* E10.1.1.2 4 3 29 10 24 0 0 00:06:18 11/ u* q5 M A0 R3 f
R3#& D o- @" h7 v
R3#show mpls ldp nei
1 h$ ~2 z8 f* k9 }$ ? Peer LDP Ident: 10.1.1.2:0; Local LDP Ident 10.1.1.3:0
2 i& w+ |, r0 z( p( Q& w- r" T% `# S TCP connection: 10.1.1.2.646 - 10.1.1.3.52569
, m9 O. o) p; a/ w5 T State: Oper; Msgs sent/rcvd: 25/24; Downstream
) X& g9 d6 i& {" C/ |& c Up time: 00:06:507 A8 |! u& }2 x2 e% Y5 T5 U
LDP discovery sources:
" g1 q# X' H0 v# o# l! H Ethernet0/0, Src IP addr: 172.14.8.33; b; G, w5 P8 r0 j; {. t
Addresses bound to peer LDP Ident:& ^; \; ]4 h% }" o! ^
172.14.8.33 10.1.1.2 172.14.8.25 172.14.8.29
! d: o: G3 A5 l1 `/ i 172.14.8.21
' p9 @$ a* L4 ]: TR3#, ?$ d1 V' ?+ V4 `9 |1 D6 t; C
//这里我们可以了解到R3没有和R1建立MPLS邻居关系。
7 K3 \0 x+ m9 M% O, m0 t4 \//我们可以查看R3连接R1的直连端口。7 w) s& w$ }- m( W7 p% H: T3 T
R3#show cdp nei: L5 h' S8 C2 \/ a1 B
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
2 }2 i, C0 t5 \. }/ y/ n5 p S - Switch, H - Host, I - IGMP, r - Repeater. a# Z1 x1 ~1 E" p/ f9 m; z
Device ID Local Intrfce Holdtme Capability Platform Port ID9 T7 y7 I C' |) O. z0 }0 U8 |- h
R15 Ser 1/0 171 R S I 3640 Ser 1/07 [2 C. Y0 x2 R m6 v$ Y6 b
R2 Eth 0/0 160 R S I 3640 Eth 0/0. M! U" l7 _- `/ G; X- T! G
R1 Eth 0/2 165 R S I 3640 Eth 0/2
# F- `0 G/ Q/ e- |8 N$ `R3#
* ]/ Q. @; l, y5 ?+ k4 b AR3#show run int e0/2
) r' J+ Y8 ~: i& x$ t6 w9 }interface Ethernet0/2
5 g6 y% T! f8 Y. | ip address 172.14.8.6 255.255.255.252( t& p" U8 T5 l m; G7 T) _2 Y0 g
ip ospf message-digest-key 1 md5 cisco7 o: V4 m: j0 V% ` J" T+ j
half-duplex
" Q i1 |3 j# ]2 ~ mpls ip3 Y) @9 X6 w7 u1 i0 H. a
end1 M# ] |6 x& Z3 J8 ?& C
//在确保R3的e0/2接口没有问题的情况下,去R1的e0/2检查。2 f+ r" [4 g p( L
! g9 ?: k9 }9 Q1 S- y2 b# g( Q4 _
R1#show run int e0/2
& f# K8 F% K9 f; ]interface Ethernet0/2
. M: m# O5 S4 R4 r6 _ ip address 172.14.8.5 255.255.255.252
9 C+ f& m" u; }6 X' d ip ospf message-digest-key 1 md5 cisco$ U0 T( Y$ d% v; r
half-duplex: C/ ^; B8 \2 d: ?2 w4 F
end
1 R2 N1 a& s: _! U( |: ]4 ^( U//我们发现R1的e0/2缺少了MPLS IP,把它加上。
, _- s0 M3 x! L$ E; K9 {0 i//因为P设备和所有的PE设备在直连端口都应该打上MPLS IP ,所以可以使用range这个字段来囊括所有的端口。" R4 U) j7 x; k0 ]! a5 T
R1(config)#interface range ethernet0/0 -3
$ c# K/ K: U- k2 Z1 k3 h: QR1(config-if-range)#mpls ip) b0 {- \2 W" o7 O% V7 R
R1(config-if-range)#
/ e9 w; j6 _% u/ ?*Mar 1 00:14:47.935: %LDP-5-NBRCHG: LDP Neighbor 10.1.1.3:0 (2) is UP
- U: ]; p7 B& O% F6 h. Q9 u. {*Mar 1 00:14:48.003: %LDP-5-NBRCHG: LDP Neighbor 10.1.1.6:0 (3) is UP
5 l2 @. y/ x' bR1#show mpls ldp nei
9 S1 S0 D/ o5 R1 i" j Peer LDP Ident: 10.1.1.5:0; Local LDP Ident 10.1.1.1:0
# ^6 w/ r; }7 q2 \& ^1 l& ]9 F& j TCP connection: 10.1.1.5.47537 - 10.1.1.1.646( s+ j3 c( M" m; L
State: Oper; Msgs sent/rcvd: 31/32; Downstream4 y) r) V2 u1 a# ~4 O# |( A
Up time: 00:13:09$ T# B% R+ q; C8 ]) V
LDP discovery sources:
$ O7 Q7 M X; `" A Ethernet0/0, Src IP addr: 172.14.8.18
# {, \4 {8 B: R0 _ Addresses bound to peer LDP Ident:/ g9 M* _9 [0 t/ t# g
172.14.8.18 10.1.1.5 172.14.8.22: W" C* F6 Y% F& H
Peer LDP Ident: 10.1.1.3:0; Local LDP Ident 10.1.1.1:0
# z* J0 K: I) x! G. O TCP connection: 10.1.1.3.61492 - 10.1.1.1.646 b( E& x+ N+ q1 J! m
State: Oper; Msgs sent/rcvd: 18/17; Downstream9 ~* [8 J4 }3 S3 T
Up time: 00:00:55
C% Y: T( f" g& R6 u! H LDP discovery sources:7 H$ x# {( B; C9 y* F, C: d
Ethernet0/2, Src IP addr: 172.14.8.6
3 Q5 l, J3 J! Y Addresses bound to peer LDP Ident:
! w, W- r- s. F$ g8 ~/ f3 v5 U1 x 172.14.8.34 10.1.1.3 172.14.8.6
7 `$ ]0 U2 z- f5 n+ `! I8 ] Peer LDP Ident: 10.1.1.6:0; Local LDP Ident 10.1.1.1:07 F( r7 Z a9 H
TCP connection: 10.1.1.6.11900 - 10.1.1.1.646, j. K; C! E6 n! S1 s1 p# J O
State: Oper; Msgs sent/rcvd: 18/18; Downstream
. }$ f, a T4 Q7 b' N$ N Up time: 00:00:55# N/ B- e ~( a
LDP discovery sources:' j" W. }6 _6 {+ J1 e8 P
Ethernet0/3, Src IP addr: 172.14.8.14
8 Q6 y# m( c( E1 Y( ?+ B Addresses bound to peer LDP Ident:* @4 i" @. e1 S& x M
172.14.8.26 172.14.8.14 10.1.1.60 a |& `, ]) W! M
R1#1 x( Y' Y6 d4 w! [3 P8 [) J4 K
//R3 已经存在于R1的MPLS表中。
" n2 Y e' d: \* W) ~//R1是P设备应该有4个PE设备的对端,而且从RID地址可以了解到R4没有在R1的MPLS表中,这个记住,一会解决。0 F* i- _( q/ S
R6#show ip route
- w+ Q" G7 q/ v 172.14.0.0/30 is subnetted, 8 subnets( P9 N7 |# X$ e8 J$ ~ a- J2 Q5 r9 y
O 172.14.8.32 [110/20] via 172.14.8.25, 00:21:54, Ethernet0/1
f8 E* |, M* g* P! b& gO 172.14.8.8 [110/20] via 172.14.8.13, 00:21:54, Ethernet0/3
- f8 r1 @+ q+ ~$ Q, N4 vC 172.14.8.12 is directly connected, Ethernet0/3: W! R/ ?. U0 Z1 e1 |# I
O 172.14.8.4 [110/20] via 172.14.8.13, 00:21:54, Ethernet0/3
8 w; e+ g$ s7 @. M' s# A: g5 V4 XC 172.14.8.24 is directly connected, Ethernet0/1
0 l: |4 s/ o+ j: XO 172.14.8.28 [110/20] via 172.14.8.25, 00:21:54, Ethernet0/18 z7 r- u) f; L; k a
O 172.14.8.16 [110/20] via 172.14.8.13, 00:21:54, Ethernet0/3; s. [; w" U$ O* p3 N
O 172.14.8.20 [110/20] via 172.14.8.25, 00:21:54, Ethernet0/1; ?% L f) |! c/ d
10.0.0.0/32 is subnetted, 6 subnets
5 E$ e% z5 x% R8 I; e: BO 10.1.1.2 [110/11] via 172.14.8.25, 00:21:54, Ethernet0/1
# l; o3 V$ M0 f4 T" d9 L' \6 CO 10.1.1.3 [110/21] via 172.14.8.25, 00:21:54, Ethernet0/1) Z( k l9 A! S1 U# T3 R# d$ K* i
[110/21] via 172.14.8.13, 00:21:54, Ethernet0/30 X1 z& K& u9 j7 p5 a" |
O 10.1.1.1 [110/11] via 172.14.8.13, 00:21:55, Ethernet0/3
) M) l8 W/ F" PC 10.1.1.6 is directly connected, Loopback0; Z$ e, a8 w7 ]5 ?3 ~
O 10.1.1.4 [110/21] via 172.14.8.25, 00:21:55, Ethernet0/1 ^" }* I# d% |+ G* H
[110/21] via 172.14.8.13, 00:21:55, Ethernet0/3
`1 ?" O, }6 ~# S8 p3 I# AO 10.1.1.5 [110/21] via 172.14.8.25, 00:21:55, Ethernet0/1
0 t. V0 Z S7 J, @; m& Y [110/21] via 172.14.8.13, 00:21:55, Ethernet0/35 n, p! |+ G, ], {
R6#show ip bgp
@& M: q; x& I4 a A1 O n Network Next Hop Metric LocPrf Weight Path' D6 V1 i& m) J- k4 Y+ L
r>i10.1.1.1/32 10.1.1.1 0 100 0 i
/ w& @2 a% z* N5 N4 B! mr>i10.1.1.2/32 10.1.1.2 0 100 0 i
8 ~ i1 Z* ~/ d5 u! |r>i10.1.1.3/32 10.1.1.3 0 100 0 i% t5 O: r& A. H, |3 H
r>i10.1.1.5/32 10.1.1.5 0 100 0 i
4 l- ? u# P% Y*> 10.1.1.6/32 0.0.0.0 0 32768 i
; U4 e5 v( O; _; V1 t+ {9 eR6#show ip bgp summ# x# P' Z" U$ R1 ]4 Q! D3 z* A- N8 K2 W
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
2 R8 c# u/ d; a% ]% H9 a10.1.1.1 4 3 34 42 10 0 0 00:22:21 1
5 ^" X. w7 z& |3 i10.1.1.2 4 3 37 42 10 0 0 00:22:23 3- v# ^( O5 E+ Y. b: @ L
R6#show ip bgp vpnv4 all summ
1 [' r2 N0 c, T& Y- ]- x5 NNeighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd# |1 e4 h0 f7 X# e1 J x
10.1.1.1 4 3 34 42 23 0 0 00:22:32 0
, z0 \. E3 _+ V6 x5 L$ a) b10.1.1.2 4 3 37 42 23 0 0 00:22:34 0
9 x& u$ i' O+ ^0 @) O4 p//从这个表可以了解到R6没有与R1和R2交换VPNV4的路由信息,它们之间只是建立了邻接关系。
( F o$ Q% p4 g//代表R6无法收到来自R3的VRF信息。; W( l9 i5 c; k
R6#show mpls ldp nei
& k( ^, S8 L" j$ I( L% o' ^1 B Peer LDP Ident: 10.1.1.1:0; Local LDP Ident 10.1.1.6:0! W2 Q% A) M: K- K- w6 h% ^
TCP connection: 10.1.1.1.646 - 10.1.1.6.11900
6 P; w" g( j% n# [ State: Oper; Msgs sent/rcvd: 30/30; Downstream7 _' k. c9 V7 Q* c; R2 _
Up time: 00:11:49
/ U, j! ^( m$ r LDP discovery sources:
% Y7 `% @/ X- k/ S5 \: n Ethernet0/3, Src IP addr: 172.14.8.13
4 j8 }( K/ ]2 i" P$ n Addresses bound to peer LDP Ident:
; a" V9 }( F: M; ] 172.14.8.17 10.1.1.1 172.14.8.9 172.14.8.52 @/ p# n1 d2 U* a$ F) w A6 b7 g$ q
172.14.8.13' s+ v& H& {. S9 F
R6#$ u- U% p1 _0 t. K- {. {1 u
//R6缺少去往R2的MPLS路由。% y0 t' C- T* Z3 k4 U1 {# G
R6#show run int e0/1
$ K8 ^9 J9 z; }. {/ m. Ainterface Ethernet0/11 r x4 N4 ^% i& m4 }' x$ D
ip address 172.14.8.26 255.255.255.252
, X8 x; _. d9 }' x2 ^ m8 z ip ospf message-digest-key 1 md5 cisco* K2 I( g6 Z9 Q' N
half-duplex [% p5 {3 J" u* _; ?2 n+ \- z
end) B9 M) T K }. e4 `% S
//加上MPLS IP2 d7 `( v* u, ~" }( y6 b5 Y j
R6(config)#int e0/1
+ n5 Q; U4 z# B lR6(config-if)#mpls ip6 T @) G( M$ ~1 W ], E
R6(config-if)#! u5 n$ g4 a: X1 C9 p
*Mar 1 00:26:14.003: %LDP-5-NBRCHG: LDP Neighbor 10.1.1.2:0 (2) is UP
# z6 l( c# \0 b//我们去R15上查看一下是否正常收到CER7的路由2 m, R! c- @* d; b/ o$ y
R15#show ip route1 z1 F1 p8 |; Q- ~( {3 ?0 G
1.0.0.0/30 is subnetted, 1 subnets
* \4 R1 | e4 s: z9 WC 1.1.10.0 is directly connected, Serial1/0
& P1 y* E8 n6 s+ u0 w 171.1.0.0/32 is subnetted, 1 subnets1 W+ a" t* E( d4 J. x U$ m
C 171.1.1.1 is directly connected, Loopback10
; J6 S* `9 T( o4 w) u# w 171.2.0.0/32 is subnetted, 1 subnets1 ^" j& ~' O1 d! v" b/ H) F
D EX 171.2.2.2 [170/2195456] via 1.1.10.1, 00:36:34, Serial1/0
8 B. t6 ]$ d0 q 10.0.0.0/8 is variably subnetted, 10 subnets, 2 masks
3 h6 S: V/ l6 u, M5 \1 E, l/ L6 XD EX 10.10.10.8/30 [170/2195456] via 1.1.10.1, 00:36:34, Serial1/0" e, _9 }+ o# b* E# Z
D EX 10.1.1.8/32 [170/2195456] via 1.1.10.1, 00:36:34, Serial1/0
$ C, V" T( Y1 @7 ?8 `. NC 10.1.1.15/32 is directly connected, Loopback0
: J' r0 [* F1 t/ N$ CD EX 10.10.10.0/30 [170/2195456] via 1.1.10.1, 00:36:34, Serial1/0 |% R+ d7 g f) \4 X5 G
D EX 10.1.1.7/32 [170/2195456] via 1.1.10.1, 00:36:34, Serial1/07 `% B) }, x2 A' C; B
D EX 10.10.10.4/30 [170/2195456] via 1.1.10.1, 00:36:34, Serial1/0* o( b4 G) w8 v; A
D EX 10.10.10.24/30 [170/2195456] via 1.1.10.1, 00:36:34, Serial1/0
9 \% |) g! E- s4 e' A4 ?D EX 10.10.10.16/30 [170/2195456] via 1.1.10.1, 00:36:34, Serial1/0! i7 w9 b3 m1 z( E5 Q" g
D EX 10.10.10.20/30 [170/2195456] via 1.1.10.1, 00:36:34, Serial1/0- \; ~2 p3 I, F. D3 `' a0 @
D EX 10.10.10.32/30 [170/2195456] via 1.1.10.1, 00:36:34, Serial1/0, f1 U: u7 N- \% X. ]3 s3 [+ d
R15#ping 10.1.1.7
2 {5 z5 X; @' g& S7 G3 AType escape sequence to abort.
1 w7 U0 \1 |9 L+ g4 oSending 5, 100-byte ICMP Echos to 10.1.1.7, timeout is 2 seconds:) k/ E/ w/ ^0 e
.....4 J2 y5 s- y. d
Success rate is 0 percent (0/1)% W4 ~) ]3 M2 i) p
R7#show ip route: L+ _4 n( V9 R* |. h8 e- a! i
171.1.0.0/32 is subnetted, 1 subnets6 k9 C* {* E0 Y0 m+ s0 P! }2 Q0 _
O E2 171.1.1.1 [110/10000] via 10.10.10.25, 00:39:24, Ethernet0/3
$ \( ^) w; w% g- m2 p 171.2.0.0/32 is subnetted, 1 subnets
% j: l) H- s" I2 l) KC 171.2.2.2 is directly connected, Loopback10) @$ C$ N3 O% O* t, [
10.0.0.0/8 is variably subnetted, 9 subnets, 2 masks! F- a c* _$ o* t& N* A9 }3 L
C 10.10.10.8/30 is directly connected, Ethernet0/1
! r# M# B, j7 \( YO 10.1.1.8/32 [110/11] via 10.10.10.25, 00:39:34, Ethernet0/3' l' c5 t1 B. g \
C 10.10.10.0/30 is directly connected, Ethernet0/0% Y m3 G( u' y$ L0 g
C 10.1.1.7/32 is directly connected, Loopback01 W8 C1 m1 \! \( @ j& a, j
O IA 10.10.10.4/30 [110/20] via 10.10.10.25, 00:39:34, Ethernet0/3
; r* ~+ a$ A0 \1 X4 R" }- CC 10.10.10.24/30 is directly connected, Ethernet0/3/ X8 e6 m. H5 A
C 10.10.10.16/30 is directly connected, Ethernet0/2
" c% E2 ^/ Z! V7 \5 JO 10.10.10.20/30 [110/20] via 10.10.10.25, 00:39:34, Ethernet0/3
! o" K. R7 k9 V* l. iO 10.10.10.32/30 [110/20] via 10.10.10.25, 00:39:34, Ethernet0/3+ Z; o g2 Q. }1 ^$ k9 ]/ v
R7#* y- T0 g5 a9 m9 M {1 p% @
//我们R15可以正常收到R7发过来的路由,但是R7无法收到R5发过来的路由,说明R6有发送PE信息给对端,但是R3没有发送自己的信息给R6。
3 T; j, S1 g4 L( X8 @, B `: q* U//所以我们假定问题是ip vrf对于对端的配置问题,因此要去PE上检查ip vrf是否配置正常。" e6 Z# ^4 s, U+ ~
R3#show run | be ip vrf
k6 s9 m: o' Z2 K" jip vrf site-b
. o) I* p7 ^6 | rd 20:10# Q8 @1 ?( F1 k" s, _+ o5 k2 M
route-target export 20:10 //是否发送RD为20:10的路由信息出去
! {+ m7 j, u$ v route-target import 20:10 //是否对RD为20:10的路由信息感兴趣
( g2 l* E' t, C1 C. B# p8 X route-target import 20:20 //是否对RD为20:20的路由信息感兴趣! h: S" |1 _* x
R6#show run | be ip vrf
: [0 B i/ M% I/ }. S: J& Vip vrf site-b( _6 Z7 v# C% ^% n' f2 Y( X
rd 20:20! P+ o- F. k( N8 p8 V! [" S2 F- s3 Y
route-target export 20:20
, F# |2 H. y- f route-target import 20:20/ i# w2 m2 D( B( D) D% v
route-target import 20:10' c9 u$ ^, r6 S7 T3 R& y
//这里可以了解到ip vrf 配置正常。) m& A1 `5 O# D% K6 ^) c1 n0 D
R3#show run | b r b3 s6 S, `- F3 _! j/ {
router bgp 3% y1 g3 R( a6 L% x7 [7 H
bgp log-neighbor-changes G3 S5 N3 O- r& `5 h/ G
neighbor 10.1.1.1 remote-as 3( X: a0 P# c/ P# K2 Z
neighbor 10.1.1.1 update-source Loopback04 D1 e8 G( m+ \9 A6 ]- C
neighbor 10.1.1.2 remote-as 34 W, i4 q& O+ p
neighbor 10.1.1.2 update-source Loopback00 g& N; J. W, l( N& v' g
!
' R. Z" Z* D1 g7 @% z7 T address-family ipv4
) ^* l: B) b: N8 B0 b4 H neighbor 10.1.1.1 activate
5 f: U* `6 T; _( b# w. V- J5 J neighbor 10.1.1.1 send-community
: C q" w6 z8 I% v; e neighbor 10.1.1.2 activate' n, W0 c* P0 I2 H
neighbor 10.1.1.2 send-community, M& ^ }8 r, E# s
no auto-summary
" I: A8 t" u+ J' w# p0 C no synchronization
! `' f- D& T g network 10.1.1.3 mask 255.255.255.255# R2 ~$ l; @* R- ~, j2 E( t
exit-address-family
+ w- P; E1 Z( F o* @) { M& C !% i% `' P* _) ]* R* `2 n
address-family vpnv4# _7 R( Q+ Z/ c
neighbor 10.1.1.1 activate
: Y M! p# f5 j1 X neighbor 10.1.1.1 send-community extended& L% o* m/ \' a
neighbor 10.1.1.2 activate s( ?" I4 p, c# H [7 t5 w# j
neighbor 10.1.1.2 send-community extended
) j0 l: h9 h. S exit-address-family: a1 j% i9 J! ?2 E
!; j% t) Z! I6 T) n4 Y( F2 g# y
address-family ipv4 vrf site-b: w; k: b7 s S7 h* ?+ x& ?& s
no synchronization5 c5 v0 X% W1 M) [7 h8 Y5 z. d
exit-address-family
. D7 b; `. J7 l3 p* _' M# U6 w" ^1 M//从这里我们发现R3没有把IGP重发布到BGP的address-family中。 i. x$ t. v. }! B* n2 u
R3(config)#router bgp 34 d" G. O# X" }% K% G3 m6 x0 N
R3(config-router)#address-family ipv4 vrf site-b' @6 s# L# H8 Y3 x4 N2 J
R3(config-router-af)#redistribute eigrp 200
" T- q- t& s" w& n2 d: H8 q/ c- JR3(config-router-af)#
) T# [, m; m, F//如果不记得命令,可以参考其他PE设备的配置,比如:R6
8 o2 v% b: y4 u y/ qR6#show ip bgp vpnv4 all summ( W. i/ K Y2 A; \8 J
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd' |" D% F/ O4 z, {+ S0 U; a) G$ S
10.1.1.1 4 3 78 85 29 0 0 01:04:51 3# \1 u% |( K& l! R, C6 Y
10.1.1.2 4 3 106 97 29 0 0 00:06:05 3
+ P: K/ J" c: Q4 c4 p* sR6#& O3 i }" ]8 q8 S6 w
//R6与R3成功建立了VRF连接,并且开始接收数据。7 R0 K4 P# |6 l' L
R7#show ip route6 s7 P' l- ?2 F" _. o' S
1.0.0.0/30 is subnetted, 1 subnets
& J( z! C8 I% c) |$ eO E1 1.1.10.0 [110/20] via 10.10.10.1, 00:04:01, Ethernet0/0
; v2 D# D* p# v2 B, X1 s 171.1.0.0/32 is subnetted, 1 subnets
8 h8 j4 C! s2 C, _1 tO E1 171.1.1.1 [110/20] via 10.10.10.1, 00:04:01, Ethernet0/0
1 y8 W3 D8 c4 S4 Q' L 171.2.0.0/32 is subnetted, 1 subnets
9 L( }5 U4 v. t3 k+ T: b% D- nC 171.2.2.2 is directly connected, Loopback10
2 ]5 g! M& Q# D! W1 _ 10.0.0.0/8 is variably subnetted, 10 subnets, 2 masks
+ }! E! Q7 A6 d$ R4 y- q: ?C 10.10.10.8/30 is directly connected, Ethernet0/1
" h- o% L( Y6 s3 a9 nO 10.1.1.8/32 [110/11] via 10.10.10.25, 01:08:07, Ethernet0/3* M$ u0 F) a3 P, v1 H
O E1 10.1.1.15/32 [110/20] via 10.10.10.1, 00:04:01, Ethernet0/0$ m; U _% q3 p) V4 ]7 Y9 |
C 10.10.10.0/30 is directly connected, Ethernet0/0
: j4 \2 e# } @+ i4 JC 10.1.1.7/32 is directly connected, Loopback0
! _* h: w$ o0 U3 ^! `/ mO IA 10.10.10.4/30 [110/20] via 10.10.10.25, 01:08:07, Ethernet0/3. Z# x' s: ?& o/ k$ R# M
C 10.10.10.24/30 is directly connected, Ethernet0/3
; p! |1 D* K8 o. FC 10.10.10.16/30 is directly connected, Ethernet0/2' Z/ D' Y/ t A3 `' R0 @. |
O 10.10.10.20/30 [110/20] via 10.10.10.25, 01:08:08, Ethernet0/3
0 b/ y) V6 ~: a6 o$ H3 @O 10.10.10.32/30 [110/20] via 10.10.10.25, 01:08:08, Ethernet0/31 m1 z& j, t G2 v0 ^
R7#ping 10.1.1.15
% W! j" a' }9 @0 N9 V1 I0 |Type escape sequence to abort.
8 t. |2 s3 a# u# ^: W8 @" x t7 fSending 5, 100-byte ICMP Echos to 10.1.1.15, timeout is 2 seconds:
5 y: V; Y3 v) t W: }6 d!!!!!% l- n+ s% J+ z9 M/ S/ c
Success rate is 100 percent (5/5), round-trip min/avg/max = 28/71/124 ms. a& P5 t* w0 w9 I; j7 q& L
R7#
' R- K9 k/ n; w6 d+ z; ^! k4.CE R20 Loopback0 and CE R8 Loopback0 , there are can NOT ping each other’s.
' S C; z3 P" }* n8 f3 r//如第三题,同样是先检查直连链路是否连通。2 X* L9 V# j- r# J5 q
R20#show ip int br; O ]1 t% F7 v' p8 X0 N$ W
Interface IP-Address OK? Method Status Protocol
3 w* d. @8 G+ E& e$ g0 J+ |4 B! XSerial0/0 172.29.7.2 YES NVRAM up up
/ B9 v; S3 o! J! ?1 H" v//查看R20和R4之间运行协议是哪个。
/ D$ w0 J9 P3 q1 N4 x3 dR20#show ip pro
: T6 Y! j2 i3 R2 P( k0 hRouting Protocol is "ospf 100"7 h$ M% ?9 t, [7 U6 w+ D
R20#show ip ospf nei0 A! N. x$ R8 E
Neighbor ID Pri State Dead Time Address Interface# q+ U& l- W& u$ K4 @6 `( _& q
4.4.4.4 0 FULL/ - - 172.29.7.1 OSPF_VL06 i( D5 T2 h Q6 {" y; f
4.4.4.4 0 FULL/ - 00:00:33 172.29.7.1 Serial0/0/ ^* E4 m0 \- R
R20#$ f# F" `% T% _: V+ m1 b1 G* \
//可见,R20和R4的OSPF是FULL状态,并且是通过OSPF虚链路连接的。
; t, V$ Q! [; N5 Z$ Z( I//还记得第三题上面,我们发现的问题吗?R3在show ip bgp 表里面没有发现R4的BGP路由。0 e% e7 C | F
R4#show run | b r b
. p7 Y, [" r* p& B2 Q3 Vrouter bgp 3 Z( }6 W" p0 l- @4 V1 U, }
no synchronization0 P) I# P* b# m! C
bgp log-neighbor-changes
4 g' V1 Y, K9 J# e# x0 Z& j neighbor 10.1.1.1 remote-as 34 g. U) I- z6 X. S6 r6 d% \" s
neighbor 10.1.1.2 remote-as 3' e1 ?, u: k" w l- N' ]9 \0 L
no auto-summary
8 D" [" C r3 h* r* k2 p !, j# _! [6 U' Q/ z
address-family ipv4 vrf site-a
$ l* E& W3 c; _. q0 r: x, f redistribute ospf 101 vrf site-a5 [6 j* w8 m8 u; M5 B
no synchronization2 D. q- z! Q& x) p6 W
exit-address-family+ w) w& j+ I9 Z6 C% ]& x' K
//可见,R4的bgp信息非常少;在此,我们把它补全,如果不记得命令,可以参考其他的PE设备。: Y+ B% e0 R( f$ V
R4(config)#
* L0 \5 q5 H+ e2 ^4 ^0 Drouter bgp 3
. }4 S5 W" [* a" g bgp log-neighbor-changes
! d9 r% O7 Z$ d neighbor 10.1.1.1 remote-as 3: a. ?( u2 o& l5 L
neighbor 10.1.1.1 update-source Loopback0
3 H; p9 R- T. j6 y: _$ a neighbor 10.1.1.2 remote-as 3
' ~0 r& x3 P! c4 D$ q2 J- F3 Z8 D neighbor 10.1.1.2 update-source Loopback0
" f% J2 F3 d" T; ~$ f2 gR4(config-router)#address-family ipv44 n/ }3 [$ r% i' p: R+ {2 w
R4(config-router-af)#neighbor 10.1.1.1 activate
* V% F- l6 ]: R$ `" o SR4(config-router-af)#neighbor 10.1.1.1 send-community# ~4 d) n, ~4 G; `- C- U
R4(config-router-af)#neighbor 10.1.1.2 activate% @0 E4 v x9 Y1 L% a! I9 w2 L
R4(config-router-af)#neighbor 10.1.1.2 send-community
- U5 I$ }1 M' W3 n*Mar 1 00:31:14.799: %BGP-5-ADJCHANGE: neighbor 10.1.1.1 Up2 G" m4 V: o+ O8 [
*Mar 1 00:31:16.255: %BGP-5-ADJCHANGE: neighbor 10.1.1.2 Up
4 T; |+ {4 @6 }. A7 p0 R//输入完以上信息后,发现R4和R1的BGP邻居已经建立。
+ G8 n' X9 N) j' q0 x2 ^* t//因为VPNV4的命令还没有补全,所以R1还是无法和R4建立MP-BGP邻居。% k/ g$ t& @% Y! l# ]
R1#show ip bgp
" ?! `* g0 U- M' I. {4 gBGP table version is 13, local router ID is 10.1.1.1
. `5 c2 C3 N' K+ m# J7 A* a Network Next Hop Metric LocPrf Weight Path2 X+ k; o. u; G* t% l
*> 10.1.1.1/32 0.0.0.0 0 32768 i4 D0 N9 A M. `1 ]/ v6 g1 z
r>i10.1.1.3/32 10.1.1.3 0 100 0 i0 w' i9 [9 w# I: X/ }- c+ F
r>i10.1.1.4/32 10.1.1.4 0 100 0 i
1 _- w9 H; ~5 t1 Qr>i10.1.1.5/32 10.1.1.5 0 100 0 i
2 `% o5 j( ]0 X5 O" ]) L5 Y- H( yr>i10.1.1.6/32 10.1.1.6 0 100 0 i0 D/ e( {, i P, b/ a2 a
R1#show ip bgp summ
/ z& d+ K+ s0 D- s; n" iNeighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd+ t: e( u& x: @# _
10.1.1.3 4 3 38 53 13 0 0 00:30:55 16 e+ A" U, L0 p4 J6 o
10.1.1.4 4 3 35 34 13 0 0 00:00:56 1
& j& m# g" i' _$ ~10.1.1.5 4 3 50 53 13 0 0 00:30:47 1 j# q: [9 t0 f
10.1.1.6 4 3 51 44 13 0 0 00:30:55 1
* c, j4 o5 T$ Y/ {+ t% \R1#show ip bgp vpnv4 all summ
3 i4 W q. n- \5 }/ x' QNeighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd8 _7 A% u/ O1 X: x6 l6 _
10.1.1.3 4 3 40 55 27 0 0 00:32:07 3
: O& Z9 O; B2 X2 H* Z) X" ^# `10.1.1.4 4 3 37 36 0 0 0 00:02:08 (NoNeg)
+ a3 T" i' z8 s) K0 ~10.1.1.5 4 3 51 54 27 0 0 00:31:59 11' f' ?( c _& b( v- @
10.1.1.6 4 3 53 46 27 0 0 00:32:07 10
! x/ l0 n, ^- Y0 R8 _: g9 HR1#
7 ?5 X; Y2 D5 \; J+ ~! i$ D$ OR1#show mpls ldp nei
0 F6 ~& L% S4 f+ \7 n9 Y Peer LDP Ident: 10.1.1.5:0; Local LDP Ident 10.1.1.1:0
$ v1 \1 ^' X# O$ z$ p TCP connection: 10.1.1.5.32048 - 10.1.1.1.646, V$ r# Z2 y4 @) E5 w
State: Oper; Msgs sent/rcvd: 76/76; Downstream
4 |% c r2 E7 z2 B( Z Up time: 00:51:16
5 |; W/ G6 ]8 W1 k LDP discovery sources:: w& ]5 Q/ `: y. T
Ethernet0/0, Src IP addr: 172.14.8.18
) ~5 Y( N0 G0 w( y4 x; Q) j Addresses bound to peer LDP Ident:& J6 u7 k/ \/ Z1 B, N
172.14.8.18 10.1.1.5 172.14.8.22! ?) r _* L' q! G- N. U) s: m, _
Peer LDP Ident: 10.1.1.3:0; Local LDP Ident 10.1.1.1:0# \) j- S3 Z1 J# K, i' l/ v* ^" p
TCP connection: 10.1.1.3.52528 - 10.1.1.1.6466 P" k3 G1 q( o1 t
State: Oper; Msgs sent/rcvd: 71/72; Downstream% l- B; p3 O8 |: {; K
Up time: 00:47:561 }. i' E; b& S d1 t' x
LDP discovery sources:4 m5 y2 c9 c R! E" b. P
Ethernet0/2, Src IP addr: 172.14.8.6
! B& J3 c+ r& j4 S; K: H0 p1 p Addresses bound to peer LDP Ident:
! B* @1 C9 d7 h5 X0 [ w, {" ~9 ] 172.14.8.34 10.1.1.3 172.14.8.6
' b+ s1 C7 h( w! Z3 Z. `4 u" ]/ { Peer LDP Ident: 10.1.1.6:0; Local LDP Ident 10.1.1.1:04 h. L- d0 j. a& l# ?
TCP connection: 10.1.1.6.61959 - 10.1.1.1.646# r6 A# d, c* ~: L" M5 b( y5 ^' s
State: Oper; Msgs sent/rcvd: 71/72; Downstream
9 C7 e+ @! f* q Up time: 00:47:55
/ i! j4 }# [, O" h6 U4 e1 i LDP discovery sources:# y& k3 t+ u# m$ R
Ethernet0/3, Src IP addr: 172.14.8.14
" o; F8 _7 |1 Q+ J# P. p1 _ Addresses bound to peer LDP Ident: r( R1 F) Q* ]) ]) u- `9 l8 M
172.14.8.26 172.14.8.14 10.1.1.6
1 a4 c5 R; F& R; _1 N$ _R1#
o2 ~6 M% I( F0 m3 t' d, ?R4(config-router)#address-family vpnv49 o3 U- p8 K8 {$ P, O1 T
R4(config-router-af)#neighbor 10.1.1.1 activate0 O" u; g7 x* W9 N& Q
R4(config-router-af)#neighbor 10.1.1.1 send-community6 i6 g- d% N0 a0 R8 ?9 i
*Mar 1 00:35:11.695: %BGP-5-ADJCHANGE: neighbor 10.1.1.1 Down Address family activated& Z, V, y0 z3 m
*Mar 1 00:35:13.955: %BGP-5-ADJCHANGE: neighbor 10.1.1.1 Up
J- ~ l& s( ^% h! F8 f" LR4(config-router-af)#neighbor 10.1.1.2 activate- N1 R+ m8 U0 q1 n' k2 W
R4(config-router-af)#neighbor 10.1.1.2 send-community
) L4 f* |+ p; f6 H0 P. K*Mar 1 00:35:52.895: %BGP-5-ADJCHANGE: neighbor 10.1.1.2 Down Address family activated
: x' F& g% A. B+ k$ N*Mar 1 00:35:55.167: %BGP-5-ADJCHANGE: neighbor 10.1.1.2 Up ?5 ?. D6 G% l7 A# x0 e" n+ C
R1#show ip bgp vpnv4 all summ
3 s# B" r- e' BNeighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
. n& L8 m8 U' P10.1.1.3 4 3 43 62 33 0 0 00:35:17 3
3 B/ E0 `% f: a5 n2 d10.1.1.4 4 3 48 63 33 0 0 00:01:18 6* O) w6 p4 J- q- Z& D: E9 X0 E
10.1.1.5 4 3 56 62 33 0 0 00:35:08 11/ V B; w) X5 K# r6 K# F$ ` d
10.1.1.6 4 3 56 53 33 0 0 00:35:16 101 v( B2 c1 W4 t: x( N
R1#9 o- n+ R1 B% _; _" a9 [! H. X
//R4和R1的MP-GBP邻居也已经成功建立。! `% d$ r2 Q3 E' ^+ f2 ]1 h0 Z
//R1是P设备应该有4个PE设备的对端,而且从RID地址可以了解到R4没有在R1的MPLS表中,这个是上面出现的第二个问题。 h N( X- G- `5 v) o! c: ^
//然后就开始补全MPLS VPN的命令,在补全之前,先查看R4的VRF名字是什么。, g% w0 C L5 y7 {3 D+ m! v
R4(config-router)#do show ip vrf
6 H5 g# J0 f( v Name Default RD Interfaces1 m, |$ X8 C( m* i5 g
site-a 10:20 Se1/0( u' f9 ?& v$ U" q$ d# D( x
R4(config-router)#
; n! e5 o: m1 x* x- B4 M# rR4(config-router)#address-family ipv4 vrf site-a7 y( i* |4 n) Y; I- e" [0 d
R4(config-router-af)#redistribute ospf 101 vrf site-a match internal external 1 external 2' `- f/ j* G! }( ?6 E2 Z
R4(config-router-af)#exit, ~/ n3 j: z; _* p
//命令补全后,检查IP VRF的RT是否配置正确。
2 k F. |" L& B3 [ C+ kR4#show run | be ip vrf
3 i0 K" Y, d8 J+ \! t9 O7 @3 Kip vrf site-a
" n* J5 |0 t/ G a" ^4 B4 h9 B rd 10:20: d- [' B. l g8 B
route-target export 10:20+ P% ?( v' I4 }+ x% G" `
route-target import 10:20
1 U4 N& x+ K" l% u& }!
, N- B- e% K5 y2 s0 P9 P5 ?. \!
* D- k( ]9 q7 Y( s# [ipv6 unicast-routing
5 \' y) L) x! D: E: u' lmpls label protocol tdp0 A. b c0 m. B+ s0 [
//R4的VRF目前只对自己的信息会进行接收和转发,我们应该增加对R5的数据感兴趣。
: o, b, X2 s) H! b+ R yR5#show run | be site-a8 ]7 H3 u4 {' t1 X9 W* L
ip vrf site-a5 _. {9 r& e& N `3 t$ @
rd 10:10
- z$ Q2 C: D4 i4 G. b route-target export 10:10
% |! M, ]! h r& E route-target import 10:10, V) S# x; Q2 w2 |
route-target import 10:20) ?' x: |: o7 g* A8 j2 |% l+ p- q
R4(config)#ip vrf site-a4 O, Y% V0 X% N) o0 ~4 ~( J* ^7 W9 A, U2 [) y
R4(config-vrf)#route-target import 10:105 @* G4 o0 b- e7 d: X# s& j! Y. o
//完成后,分别去R20和R8上面查看是否存在对方路由,并且进行测试。
( A* x- U! \1 Q7 _; HR20#show ip route
$ ~* O9 G9 c( l9 l 171.1.0.0/32 is subnetted, 1 subnets+ k( ?5 _/ T1 p* k5 j: |( v0 }
O E2 171.1.1.1 [110/10000] via 172.29.7.1, 00:01:10, Serial0/0
' x& |# U, \9 m7 X 171.2.0.0/32 is subnetted, 1 subnets
9 A/ e) Q/ z( E) q* jC 171.2.2.2 is directly connected, Loopback1
- h! `$ u% G; E5 ^8 f; G& p$ d 200.20.20.0/32 is subnetted, 1 subnets/ k# } x r- y' _7 O. L0 m. r6 I
C 200.20.20.20 is directly connected, Loopback10! n9 ^, I& C6 j: B1 B
172.14.0.0/30 is subnetted, 1 subnets* t- q$ e3 F) b; S2 T3 R
C 172.14.9.0 is directly connected, Ethernet1/1; |1 n T9 F, d8 D! D( m2 d
172.29.0.0/30 is subnetted, 2 subnets
) }6 A! G. o) rC 172.29.7.4 is directly connected, Ethernet1/0+ a0 r4 j9 h/ s. n. a3 C6 z
C 172.29.7.0 is directly connected, Serial0/0
5 H2 t/ _# w# `+ M 10.0.0.0/8 is variably subnetted, 10 subnets, 2 masks* E3 n9 [$ D- F
O IA 10.10.10.8/30 [110/94] via 172.29.7.1, 00:01:15, Serial0/0- \& @& K0 i1 X- R- o7 b
O IA 10.1.1.8/32 [110/75] via 172.29.7.1, 00:01:16, Serial0/0
6 @% o* p4 a5 }' a% Z: i3 aO IA 10.10.10.0/30 [110/94] via 172.29.7.1, 00:01:16, Serial0/0* Y8 F; B0 V* O4 N! }. n5 |
O IA 10.1.1.7/32 [110/85] via 172.29.7.1, 00:01:16, Serial0/0! J M3 q5 T2 z) {4 l* T+ ]
O IA 10.10.10.4/30 [110/65] via 172.29.7.1, 00:01:16, Serial0/0. X9 H" X' C" W5 j/ s
O IA 10.10.10.24/30 [110/84] via 172.29.7.1, 00:01:16, Serial0/0+ I! R% h! P: W& h. [, b/ w) a7 c x
O IA 10.10.10.16/30 [110/94] via 172.29.7.1, 00:01:16, Serial0/02 y0 d# M+ `/ K6 I8 y
O IA 10.10.10.20/30 [110/84] via 172.29.7.1, 00:01:16, Serial0/0
; z7 H6 M& d9 `2 Z* `C 10.1.1.20/32 is directly connected, Loopback00 _9 d/ S' J* X
O IA 10.10.10.32/30 [110/84] via 172.29.7.1, 00:01:16, Serial0/09 \5 M- R+ M( D r0 P
R20#ping 10.1.1.8
8 W# x% [& R! F H( gType escape sequence to abort.
, g, b9 \! d# q! R* I% [Sending 5, 100-byte ICMP Echos to 10.1.1.8, timeout is 2 seconds:
8 k3 w* t7 e& G; K7 g' a9 o) ].....
. _4 H; v1 e9 iSuccess rate is 0 percent (0/5)
2 ], Z3 @0 T- I8 g: JR20#
* K6 J; K' T/ V# d" j% w: sR8#show ip route0 P! y+ h! z d; f
1.0.0.0/30 is subnetted, 1 subnets
& v6 N7 t8 |* |. x) r j6 F% b. ~O E1 1.1.10.0 [110/30] via 10.10.10.26, 00:10:36, Ethernet0/35 ^0 y3 P4 M) ?2 [) J Q
171.1.0.0/32 is subnetted, 1 subnets
, J0 x* W- T& a) z" \. ^1 v8 @- iC 171.1.1.1 is directly connected, Loopback1& v r8 f& A C3 @4 X
171.2.0.0/32 is subnetted, 1 subnets
. K/ ~% C7 |% O6 z/ C9 m3 XO E2 171.2.2.2 [110/20] via 10.10.10.26, 00:10:36, Ethernet0/3$ M$ N, G! U2 `: L( L; {
200.20.20.0/32 is subnetted, 1 subnets2 f0 V7 V* m" z( k+ i& `" n
O IA 200.20.20.20 [110/20] via 10.10.10.5, 00:10:41, Ethernet0/2
) i& `9 {/ w& \5 @" `8 y 172.14.0.0/30 is subnetted, 1 subnets
) m% [+ g( |7 q$ ^O IA 172.14.9.0 [110/20] via 10.10.10.5, 00:10:41, Ethernet0/22 {0 Q" {' {1 {/ z' A$ ]6 O* m/ M# ]; i
172.29.0.0/30 is subnetted, 2 subnets! d" l; F& ~( L7 J8 e3 J% R9 ~) ^ `
O IA 172.29.7.4 [110/20] via 10.10.10.5, 00:10:41, Ethernet0/2$ K2 w$ y0 Z' E! c6 X8 H$ O% z0 I
O IA 172.29.7.0 [110/20] via 10.10.10.5, 00:10:41, Ethernet0/25 P4 F! i/ V5 v
10.0.0.0/8 is variably subnetted, 11 subnets, 2 masks$ x/ Y! D" x& m n( Y+ _( c
O 10.10.10.8/30 [110/20] via 10.10.10.26, 00:44:38, Ethernet0/3' S' @/ W m1 K E( n
C 10.1.1.8/32 is directly connected, Loopback0
# g: j0 I! H5 Y/ e1 ?, T4 zO E1 10.1.1.15/32 [110/30] via 10.10.10.26, 00:10:37, Ethernet0/3
: \& `! ]$ @, l) t% iO IA 10.10.10.0/30 [110/20] via 10.10.10.26, 00:44:38, Ethernet0/3: L" a/ n& d- i {
O 10.1.1.7/32 [110/11] via 10.10.10.26, 00:44:38, Ethernet0/3
9 p' i- |4 |4 t3 dC 10.10.10.4/30 is directly connected, Ethernet0/2" Y' n& f ^8 N
C 10.10.10.24/30 is directly connected, Ethernet0/3
+ ^* Y) f4 e- |3 M; g n4 FO 10.10.10.16/30 [110/20] via 10.10.10.26, 00:44:38, Ethernet0/3
; G/ t8 l/ A$ ?& s7 s$ tC 10.10.10.20/30 is directly connected, Ethernet0/1
8 ?6 N1 f! T' y0 f6 u* uO IA 10.1.1.20/32 [110/20] via 10.10.10.5, 00:10:42, Ethernet0/2
, E8 p" L. s" E1 b: D% O1 K; e% LC 10.10.10.32/30 is directly connected, Ethernet0/0
+ k. B# U; L7 ?0 g# H4 _R8#ping 10.1.1.20
1 X8 l7 n+ A1 w RType escape sequence to abort.) u+ } S/ S- G7 {4 \
Sending 5, 100-byte ICMP Echos to 10.1.1.20, timeout is 2 seconds: j# F; K2 j6 o- n
.....9 r! V# v' F# T' S9 U2 T
Success rate is 0 percent (0/5)
, v) s1 t- e, A1 d5 u4 y5 [0 ?R8#0 ^8 S' z C% g0 R' ]' U$ l
//为什么两边的CE设备都已经存在了对方的路由,但是却无法ping通呢?
* ~$ Y" _7 i5 m; S//如果细心的朋友应该留意到我刚刚show的一段命令:mpls label protocol tdp
3 N. U9 @" T: n. u//这句命令我相信大家都明白,是MPLS的协议类型不匹配,导致无法通信的8 \; K6 Z; u" F$ k% J' J" _
R4(config)#mpls label protocol ldp
2 U+ e6 R/ ~! p- J% JR4(config)#
) v, `8 a* p! ?! s*Mar 1 00:58:17.463: %LDP-5-NBRCHG: LDP Neighbor 10.1.1.2:0 (1) is UP3 R" V& J% C2 V2 M9 F
*Mar 1 00:58:18.835: %LDP-5-NBRCHG: LDP Neighbor 10.1.1.1:0 (2) is UP7 U1 y6 Q$ r- a
//这时,R4与R1和R2的MPLS 也成功建立起来了,我们再测试一次。 W# u* J. \9 g. J: B( ]
R20#ping 10.1.1.8
7 P# `1 X0 A: v' MType escape sequence to abort." z% M4 Q( H' n# i- J
Sending 5, 100-byte ICMP Echos to 10.1.1.8, timeout is 2 seconds:
% w3 M2 z4 w% K7 H. h5 ]3 N6 J!!!!!$ k& ^! h. v) y9 J: q2 k
Success rate is 100 percent (5/5), round-trip min/avg/max = 88/122/184 ms0 Y! Z7 ?- L+ W9 x
R20#
: I) @8 a9 O& z! hR8#ping 10.1.1.20
; i1 e5 b2 d& A$ Y4 m( t2 GType escape sequence to abort.$ m" w. z% e" G i) j
Sending 5, 100-byte ICMP Echos to 10.1.1.20, timeout is 2 seconds:
0 o- c. S* i7 v!!!!!# z" Q1 B' c- _4 A2 f; L; f
Success rate is 100 percent (5/5), round-trip min/avg/max = 84/128/156 ms& v' c! M: k4 j% c m1 W
R8#
8 v8 m4 c# x- V, n0 r5.IPv6 R8 can NOT ping R4 loopback200 CC1E:1000:100::100, fix it.
/ H/ A: E- n* @& }8 tR4(config-if)#do show ipv6 route+ k$ ~2 O% o4 g" [) N; _. D8 M3 O/ L
IPv6 Routing Table - 10 entries, c# Y. u# u7 b1 { m& i# w
C 12::/64 [0/0]
: T/ ]: t5 r* \$ M! h$ j via ::, Serial1/0
# u: m3 X' o- t/ y" O( sL 12::2/128 [0/0]4 o3 ]7 s3 D7 c; L: G& |
via ::, Serial1/0
- g+ }' c- `7 ]. R) A/ R1 Q- C! G3 OC 13::/64 [0/0]
3 c! K; f" `$ F2 M via ::, Ethernet0/1" z4 X# T7 F6 W4 n9 @1 k
L 13::1/128 [0/0]- Y3 H- T' u" [5 i& R
via ::, Ethernet0/1: }- X- G) ?8 v$ @: Z7 l3 i9 z& O
C 14::/64 [0/0]
) c, N) f% g5 a1 y' S& P- { via ::, Ethernet0/2
9 ^: s2 q5 [; E1 B5 u6 ?L 14::1/128 [0/0]
% j# x3 i+ [( Z+ Y: O- T via ::, Ethernet0/2
. W" I; T* x1 y4 wC CC1E:1000:100::/64 [0/0]
- e( c. R e8 Q; y7 _) ]+ N F; I via ::, Loopback200
( i. _* v/ r# HL CC1E:1000:100::100/128 [0/0]
* C; K! u" {7 _ via ::, Loopback200; o5 C8 H8 r, }# e/ {
L FE80::/10 [0/0]0 {; i6 d3 o, a1 \4 l% f/ l+ K8 R
via ::, Null0
* B: v+ q( @$ i$ N- ~& C aL FF00::/8 [0/0]: \& T& I9 _* S, e P! o6 t, D
via ::, Null0
2 w' W' W! X7 {' g! c) J//只有直连路由和本地路由,查看R4是否加入到IPV6的协议中。
7 r0 w5 h! _# Y" x3 dR4(config-if)#do show ipv6 pro
$ d% i& c: T" Q6 lIPv6 Routing Protocol is "connected"0 U" p }. c! P. j5 E1 R6 m' H
IPv6 Routing Protocol is "static"
' q4 A; w. Y }IPv6 Routing Protocol is "ospf 11"
: x# M$ C, j, Y+ F) X% j Interfaces (Area 0):6 J1 S8 G4 L' t% X8 @7 B! m" Y
Serial1/0" ~! w0 R" Y; L$ E- ^7 M
Ethernet0/2; y9 B8 z( f7 i; j4 @7 Z* ^7 w& w
Redistribution:5 \& C0 D' t: v9 ]' W+ ?+ X
None. C7 F3 y* R5 M1 y- w1 s
IPv6 Routing Protocol is "bgp 3"
- Q' p; a; S) U( Y$ L& t% T* w9 l IGP synchronization is disabled6 r' h+ j5 |4 l+ ^, H
Redistribution:) P5 b' b: q! b9 { K4 x; h$ ?( H/ c
None# i5 ]1 e/ ?1 g% p& Y- n, @
IPv6 Routing Protocol is "bgp multicast"
% I# Y. |; C K; H* u _5 u- Z# l IGP synchronization is disabled. _* s" Y4 g5 T+ o x4 K3 B3 a
Redistribution:5 N. y) C ^/ I7 t
None T& \7 N6 n1 X5 O, ~2 ~
R4(config-if)#
y1 n# Y3 O3 R6 J) L- Z//IPv6运行了OSPF 11,并且在端口E0/2发布进了OSPF( H9 d, e9 p8 e+ Y
R4(config-if)#do show run int e0/2
0 @' O T6 K: K$ [- `interface Ethernet0/2
/ M4 y! w7 X, J# g0 B/ v ip address 172.14.8.30 255.255.255.252
& Z0 Y/ h9 ]8 x. X8 P3 h- P" L! l; z ip ospf message-digest-key 1 md5 cisco9 D# r0 O6 B! Y1 d
half-duplex- U r' `$ S" b+ I7 O, y
ipv6 address 14::1/64% `# l6 B* B+ j( p
ipv6 ospf 11 area 05 `3 B9 V7 ]) _- T8 D0 j
mpls ip2 M S m9 ?9 A b& }
end
# W/ _$ `) t% o! I6 \//沿路查看所有的IPV6信息
- }# s- s" ^# T9 d$ q( X- t3 dR1#show run int e0/1
) w i+ k6 c5 T. ~/ N ipv6 address 13::2/64* Y- b. T) l- O; i! Y% e
end
" ?* U, |/ b$ m; W8 @R2#show run int e0/2, q* c- G- h- b4 Q" m1 l% w
ipv6 address 14::2/64
3 ^2 E/ Z; F- K" c7 Z1 ]end
) J9 O- V& n$ G% C//R1和R2的IPv6端口信息
8 \+ V* ?' [$ W$ \! ER1(config)#ipv6 unicast-routing
! w; K# w( a1 S7 NR1(config)#int e0/1
4 r9 i% E: U m& c" t& fR1(config-if)#ipv6 ospf 11 area 0
/ M' B; t2 \8 t% W3 LR1(config-if)#
& M" V" N( ? `0 F3 s6 e8 c! tR2(config)#ipv6 unicast-routing
8 F% H2 y) j& D1 u* J" yR2(config)#int e0/2
! o6 ~5 y# D3 {4 k3 ^R2(config-if)#ipv6 ospf 11 area 02 j1 I6 p* n- P8 Z
R2(config-if)#
1 }$ C# Y J5 t3 P0 j8 a" R*Mar 1 01:21:47.119: %OSPFv3-5-ADJCHG: Process 11, Nbr 172.1.1.4 on Ethernet0/2 from LOADING to FULL, Loading Done
U! [5 G* h! b( W% z//在接口简单的配置完IPv6OSPF命令后,R2和R4建立了OSPFv3邻居,但是R1没有和R4建立OSPFv3邻居。
6 N8 m" n, m& W//去连接R1的R4e0/1接口上看看。7 T5 W1 X6 ~& l/ w) x8 q+ M8 [
R4(config)#do show run int e0/1
2 J" m2 q1 e) C$ u9 Ginterface Ethernet0/1, m& \' Z+ H4 J, e( U) z; o6 {
ip address 172.14.8.10 255.255.255.252
, f+ ?" h7 t0 e7 m1 d6 P- T ip ospf message-digest-key 1 md5 cisco% r5 @& Y" m: k9 h$ f% H+ Q& t
half-duplex' L% W, F! C8 x H6 n* `
ipv6 address 13::1/64
* ]1 D* h! B: H6 x) }" c* z, d m mpls ip
) d: |4 f3 G; _, Y//R4的e0/1也漏打了命令,补充完整。
2 B& v) ^" x3 H5 j& `) TR4(config-if)#int e0/1) C5 C' b8 {) N7 k9 y
R4(config-if)#ipv6 ospf 11 area 0
6 _# C* ~5 W0 HR4(config-if)#; y8 B+ u; t" @5 X
*Mar 1 01:28:25.979: %OSPFv3-5-ADJCHG: Process 11, Nbr 10.1.1.1 on Ethernet0/1 from LOADING to FULL, Loading Done# W& h- G% _) @
//继续往下一段链路检查5 i3 Q4 K, e- K! x' v. _0 N# ?
R1#show run inte0/0
: \# [6 X2 _. M- E; i+ r ipv6 address 15::1/64
+ E1 r0 T. a; V- b ipv6 ospf 11 area 1* o3 E- {# M4 C |4 N* x( }3 T
mpls ip+ ]6 ~& b% t _; Z% h! H" L
end
' p# V* D: K" u3 y8 UR2#show run int e0/3
) x9 [* E- b8 r* o2 x ipv6 address 16::1/646 k- h+ @1 X" }* e; Y
end
, q+ ?2 l/ w5 f, R* c//参考R1,并把R2的e0/3接口命令补充完整。
9 l! L# w1 f6 ?( X! ?R5#show run int e0/0
) ^, D% s0 \% n- e& x+ N: H ipv6 address 15::2/64
* K# s4 G# D+ R ipv6 ospf 11 area 1* y, K: j* ^1 M% q4 i$ m& B4 B6 F
mpls ip9 ^. T, Y( p+ T1 U. [
end
Q* e2 h1 `" t7 @R5#show run int e0/32 x/ {3 l5 D3 \+ u& g) w0 D& U/ D. S
ipv6 address 16::2/64! D" H: a% Z! j1 W( _
mpls ip2 q! u& J/ W8 I9 u7 w- F+ E
end) g4 c: I: I' f. K" ]' k; H$ N
R5(config)#int e0/32 ?9 j0 l4 C& S( O F& @, Q0 x# V
R5(config-if)#ipv6 ospf 11 area 1
. V, ]4 j5 n6 W* H W/ S: F0 bR5(config-if)#: `5 y/ o# w5 P) F. Z
*Mar 1 01:33:05.923: %OSPFv3-5-ADJCHG: Process 11, Nbr 10.1.1.2 on Ethernet0/3 from LOADING to FULL, Loading Done9 p% s3 E9 U- n
R5(config-if)#do show run int e0/2. C9 n. k3 m7 i. s
ipv6 address 17::1/64; ]( y0 H6 j- i! z l& i: O8 M
ipv6 ospf 11 area 13 e0 r9 Z& |4 G$ s4 v' c% O" G3 k
end: a% d `( w( e2 _
//R5同上
# w+ u7 H& v7 \+ C* t; YR8#show run int e0/2: g" S+ E+ P: u8 X5 x& h
ipv6 address 17::2/64: ?1 p$ ~3 R: V1 R: O( z; i# z& M* b
ipv6 ospf 11 area 1
|$ s4 v: P, qend
! ^6 J# z. k% F% }4 G8 q0 D: l" `//当查看完R8的端口后,发现基本命令都补充完整。接下来查看是否有收到IPv6路由。
2 y6 K% n+ I \% E; l: ~0 AR8#show ipv6 route7 u* H, N, t% K
IPv6 Routing Table - 9 entries
& M; u/ }/ z1 ZOI 12::/64 [110/94]
0 s( a- o% D# S! N via FE80::CE0C FF:FEA8:2, Ethernet0/2' N; H# o, p3 A9 P
OI 13::/64 [110/30]- ~0 ]+ V: c8 i X* U7 g* B
via FE80::CE0CFF:FEA8:2, Ethernet0/2
+ h! m3 R1 u: y) r4 rOI 14::/64 [110/30]
; X, \1 Q, s# g" c7 j3 h j via FE80::CE0CFF:FEA8:2, Ethernet0/26 ~# y* S& L5 E
O 15::/64 [110/20]
4 I, Q' {" W% X- w; t8 e5 i via FE80::CE0CFF:FEA8:2, Ethernet0/2& J% Z- a7 `" Q& d* X/ R
O 16::/64 [110/20]- Q: z5 o: I: b* p& v
via FE80::CE0CFF:FEA8:2, Ethernet0/2% J* \( ^0 \$ Y4 M" ^
C 17::/64 [0/0]0 d! K) ^# }. l& [; Q8 p% Q
via ::, Ethernet0/29 Q" i8 l" R# p7 ]0 J+ R }& M% j7 m
L 17::2/128 [0/0]. I5 N0 _# z. U2 x$ {# i
via ::, Ethernet0/22 a4 F8 g$ P$ [' t; J$ @/ l! i' ^
OI CC1E:1000:100::100/128 [110/30]
, G$ S0 q! f) ~1 P$ U7 y via FE80::CE0CFF:FEA8:2, Ethernet0/21 A7 p& i. Y8 k
L FE80::/10 [0/0]
' @+ w. |$ x0 t5 ]6 ]5 f7 o, K via ::, Null0, n) F2 X2 s( v1 F3 f! ^
L FF00::/8 [0/0]
1 S& @) e7 B3 Y! W: C1 m via ::, Null0( M5 e, M6 }5 B$ L6 [/ l+ @
R8#
# `' w0 @/ \6 q. C5 b1 f: a//R8已经收到R4的两个分别连接R1和R2的端口的IPv6路由以及R4Loopback200的信息。: _* t3 h u, Z) O. i
R8#ping 13::1
$ u5 D) y0 K* l! U5 WType escape sequence to abort.
7 P) q" ?" D+ I/ x+ B: Y5 \% w* PSending 5, 100-byte ICMP Echos to 13::1, timeout is 2 seconds:
3 N( U. k+ o4 }4 @3 _!!!!!6 ~3 ^" J4 J) v: Q
Success rate is 100 percent (5/5), round-trip min/avg/max = 48/120/256 ms: f3 m2 S+ ~/ d8 w9 b6 M$ w
R8#ping CC1E:1000:100::100! V8 E% J3 H- b9 |
Type escape sequence to abort.
5 j' p, m9 G' \# ]% k# N; [Sending 5, 100-byte ICMP Echos to CC1E:1000:100::100, timeout is 2 seconds:! @+ M" d+ Z! H# ^
!!!!!4 k) _& k/ |0 }
Success rate is 100 percent (5/5), round-trip min/avg/max = 68/85/120 ms
1 l8 G; D: v* FR8#
& ^3 G, H h% P( J6 B7 \5.R22 and R23 can NOT established ospf neighbor.5 H. u- q+ x8 c V- E
R22#show fram map
7 q$ }: ]- |; l: z) jSerial1/0 (up): ip 172.14.9.1 dlci 22(0x16,0x460), static,
5 g% }9 K9 J7 H* }$ N# e9 W CISCO, status defined, active
) y7 Z7 {. G+ DSerial1/0 (up): ip 172.14.9.2 dlci 23(0x17,0x470), static,
0 b9 E$ P0 y e: y8 o CISCO, status deleted
& q" t( V7 ~6 b/ A {# |R22#7 A- Q. ~. i( \2 c0 O
//因为中间有个帧中继,所以出现问题先查看帧中继链路是否正常。) P; b8 F' d w+ D3 q' L
//从show fram map 就可以发现R22的邻居172.14.9.2 的DLCI错误。" J3 }4 _/ m. J/ b1 c# i
R22#show run int s1/0
% ?8 P+ B6 D. x" g' p9 pinterface Serial1/0
M( E* h9 J3 b6 W9 D ip address 172.14.9.1 255.255.255.252, g, `( I/ Z0 C& m( _
encapsulation frame-relay/ J/ }& {! o9 W5 B5 i" d
ip ospf authentication message-digest
, b/ Z `+ ~" X ip ospf message-digest-key 1 md5 cisco
1 @9 C/ w# K W5 Q( P/ S6 @2 n* S7 u& }& } ip ospf network point-to-point
h" a( t1 \* V' G5 Q serial restart-delay 02 k5 n" ^; V6 f/ X" L
no arp frame-relay/ o1 X) t- J+ ?, A
frame-relay map ip 172.14.9.1 22$ {8 B6 {( \; A, W ~$ Y
frame-relay map ip 172.14.9.2 230 E: S9 r+ U8 K% o
no frame-relay inverse-arp
: \+ n2 d, B& a2 [( r frame-relay lmi-type cisco2 j9 B) a$ ^5 ~& }4 b! a
end
: u: h/ Q6 e+ j# F( @//帧中继链路关闭了自动映射,所以要手工配置。- U9 M- l3 k5 P# m
//输入的是本地DLCI号,以及修改成广播方式学习。
( ^* D$ e! U/ q% ?% SR22(config-if)#no frame-relay map ip 172.14.9.2 230 x# V8 ]* o t2 g5 w& f* g& s
R22(config-if)#frame-relay map ip 172.14.9.1 22 bro
8 [$ w+ e' R6 ^3 zR22(config-if)#frame-relay map ip 172.14.9.2 22 bro6 P8 }# `6 v. o8 v% i5 y
R22(config-if)#
3 S! c* U5 d$ i, X//R22修改完成后去R23上进行同样的配置。
2 b) l% b' n: m8 RR23#show run int s0/0
5 P9 @0 O( R5 l L0 M4 linterface Serial0/0- l3 v# |: x9 h* b" ?6 I
ip address 172.14.9.2 255.255.255.252- r3 w2 a% a( a! A
encapsulation frame-relay9 _! Z- m9 V! [4 y) [5 w
ip ospf authentication message-digest; l: O) d' K1 Z' x0 {$ u
ip ospf message-digest-key 1 md5 cisco0 F; R" X$ |7 M, ^" @
ip ospf network point-to-point' ~, P7 g8 t1 ~
serial restart-delay 0
! {2 n9 a7 h4 W4 D7 X- c no arp frame-relay j/ x9 Y% \! _0 U6 D
frame-relay map ip 172.14.9.1 22 broadcast
8 ` b0 d) R; S, Y+ K3 L no frame-relay inverse-arp/ ]6 L; k7 W4 a( `2 J& S8 b; u
frame-relay lmi-type cisco
4 W0 \1 j/ ~# w3 Q) s2 b: Zend
0 ^1 y- J. Q2 d, ^5 v5 s) Q//本地DLCI号配错,并且少了自己的帧中继映射表。
_. a% P/ ~1 L* f, P1 L//插播:为什么要配置自己的地址?
& r* W4 N7 g3 [6 |, S+ F, R7 Q 因为帧中继链路如果想ping通自己的地址,则需要把数据包发送给对方再返回,( W$ G0 q" h( F( i# g# \% d& r
在没有配置映射表的时候,数据包不知道这个没封装的包要如何发送,所以会失效。
* B' w4 J! l+ m9 DR23(config)#int s0/02 }2 z4 _2 Y7 @ m! C7 L! M/ I: Q
R23(config-if)#no frame-relay map ip 172.14.9.1 22 broadcast
. N) Y/ l( B, u3 ^1 {; |R23(config-if)#frame-relay map ip 172.14.9.1 23 broadcast
; ~/ ^7 e. X( e! oR23(config-if)#frame-relay map ip 172.14.9.2 23 broadcast% Q& {$ Q6 F! i& }5 R( s5 V
R23(config-if)#. N; G3 ?* e" l0 d/ F
*Mar 1 00:16:23.083: %OSPF-5-ADJCHG: Process 100, Nbr 10.1.1.22 on Serial0/0 from LOADING to FULL, Loading Done
$ m" f# h8 _4 p% QR23#ping 172.14.9.1, |# [# I0 C7 A
Type escape sequence to abort.
& l0 p9 Y: X6 Y( e8 M. R6 A( ESending 5, 100-byte ICMP Echos to 172.14.9.1, timeout is 2 seconds:
O% S, F3 e( {' E% M( I4 h1 K0 ?!!!!!" V7 x {" Z( k& t7 j
Success rate is 100 percent (5/5), round-trip min/avg/max = 12/33/64 ms* b: j/ A b7 V7 r5 Q
R23#ping 172.14.9.2
6 ~3 f1 p! M n: @) ~Type escape sequence to abort.
8 C; h) N% |) p+ ASending 5, 100-byte ICMP Echos to 172.14.9.2, timeout is 2 seconds:5 e' H. e- M6 F
!!!!!
5 f/ F- L+ p% _% fSuccess rate is 100 percent (5/5), round-trip min/avg/max = 48/76/132 ms
2 [2 j3 F8 V$ M% K( i# ^0 T* ER23#
L% N) K& f2 o- W6 Q6 C6 \6.Following the diagram, R20 logging in R23 should be NAT, please figure out the questions.
7 I7 u' B0 e- N7 L; _9 HPro Inside global Inside local Outside local Outside global" B$ x: X+ [! m3 }: a5 N: ~
tcp 172.14.9.1:18335 172.29.7.5:18335 10.1.1.23:23 10.1.1.23:23& p8 _0 @0 K8 l2 n1 p) U8 U! o
tcp 10.1.1.22:36018 172.29.7.5:36018 10.1.1.23:80 10.1.1.23:80
+ ~( r- z0 x7 e! o
3 C& S2 y6 B: b' @. u3 b- N$ g//R20登录R23会出现地址转换。从拓扑图中,我们可以知道R22是NAT服务器,我们主要解决的是服务器的问题。
; W" ?3 H1 q8 \( s! C8 V* M//根据上图,我们可以得到的信息如下:
) ?; w$ z. v; E' _- L2 N8 wR20的e0/1口以上,是内部区域。" N4 t* r' A) R% j Q8 ?: x
R20的s1/0口以下,是外部区域。R20的内部本地地址172.29.7.5在通过R22NAT服务器的时候被转换成172.16.12.1来连接到R23的Loopback口的23端口。 a% o# P* M7 A
R20的内部本地地址172.29.7.5在通过R22NAT服务器的时候被转换成10.1.1.22来连接到R23的Loopback口的80端口。
+ q' `7 i$ f* v1 s) ]R22(config-if)#do show run | be ip nat
3 E% S2 ?( X; b; J( H6 tip nat pool aa 172.14.9.1 172.14.9.1 prefix-length 24& V6 n$ u% O# T2 I" m
ip nat inside source route-map b pool bb overload
9 D/ P! ~8 X% ~ O' G8 F- p" ?, r9 M!- g, w2 I4 R$ n9 ~6 \6 g {
access-list 100 permit tcp host 172.29.7.5 host 10.1.1.23 eq telnet; X* ?. Z: Z% X' k/ o/ h
access-list 110 permit tcp host 172.29.7.5 host 10.1.1.23 eq www) K9 \5 ^' ?* |" u( f7 Z
!, q6 s- X( n) N
route-map a permit 105 G4 b5 [( n) U8 y" l R, Y
match ip address 100& ^/ t+ h" T/ D
!
" V# p# t, I7 a9 H& u3 zroute-map b permit 10
- t$ A* q& q2 }5 T!
3 u( g1 ~3 m* n6 f/ X- I//在这里我们发现有两条访问控制列表应该被使用,但是目前只使用了一条,包括其他所有的命令我们需要补全它。
. X$ e( `1 |' X$ z- bR22(config)#ip nat inside source route-map a pool aa overload$ h- s" E) V! ~5 b$ x+ q
R22(config)#ip nat pool bb 10.1.1.20 10.1.1.20 prefix-length 24, \% w4 _2 U; P
R22(config)#route-map b permit 109 C+ s+ l0 b+ [
R22(config-route-map)#match ip address 1107 ?3 O- M9 i) R5 e
R22(config-route-map)#exit
+ Q7 q7 A) R( V2 d: m5 p8 @% |+ B//完成后在R20上尝试是否能登录过去1 s& ~3 n6 u/ u1 y5 ]$ [3 @* h
R20#telnet 10.1.1.23 23
- R: y! _- _& H5 k6 gTrying 10.1.1.23 ... Open
! z- N3 _" G2 X5 }5 B7 @User Access Verification
9 A; Z N5 r8 y( yPassword:
5 b' ]9 h7 q. Y6 a5 z. [R23>exit, q Q5 `8 R+ c$ e
R20#telnet 10.1.1.23 80
5 A: B) _; h9 G) g2 y% HTrying 10.1.1.23, 80 ... Open7 o0 [" g: f8 Z y3 W. h, w
exit3 b' z: u5 @4 s6 t2 d) S" m! F
HTTP/1.1 400 Bad Request0 q5 N: S$ i1 T
Date: Fri, 01 Mar 2002 00:06:38 GMT
% @, ]5 o. t2 O3 c9 s# A# jServer: cisco-IOS; [ o4 q A$ m
Accept-Ranges: none0 N2 N2 G! W8 c1 L' T* |
400 Bad Request
1 r0 ~# V+ C/ ]' i[Connection to 10.1.1.23 closed by foreign host]& w2 |( _" r# [- D/ l
R20#2 T" ^' v) l* k P$ Q" f
//在R20上测试完后,我们去查看一下R22NAT的转换表! c' b; d8 R& l
R22(config)#do show ip nat tra* Y+ h. k0 M6 n
R22(config)#; s$ L8 v9 c i/ O7 y7 O
//转换表是空的。去检查一下接口是否启用了ip nat inside & outside
0 g, S. I3 k8 IR22(config)#do show run int e0/1; m: [1 k" k8 |5 \9 Z& b
ip address 172.29.7.6 255.255.255.252
|1 K4 q% I; [& K- |/ M half-duplex( P8 d' N& v* {
end9 @$ }. X6 F! _( _# d
R22#$ L" p. T" s* ~. f- o6 M9 P
//把两边的端口同时进行补全。
1 A4 ?1 X" T# a2 O( v7 ?! bR22(config)#int e0/13 b$ B- f+ P2 i! M4 n9 p$ c
R22(config-if)#ip nat inside3 G. A9 b" B. S( ^3 t3 I2 Q
R22(config-if)#int s1/0; s% n6 B% u8 V$ h; @
R22(config-if)#ip nat outside6 F. n/ [% K: |
//完成后测试
- E6 X0 J) M0 I! P8 tR20#telnet 10.1.1.23 80( r* ^$ S5 H4 v, a
Trying 10.1.1.23, 80 ... Open# W' [2 C1 B$ v3 w
exit
; a2 \7 e2 b. n `. a2 \( gHTTP/1.1 400 Bad Request
1 O1 R o6 O2 F* o1 B# ?4 zDate: Fri, 01 Mar 2002 00:08:37 GMT
( x6 _) h5 Q2 IServer: cisco-IOS9 J+ I+ O5 C( `" M$ p# E
Accept-Ranges: none% v1 @: j# I; {, i
400 Bad Request
- ]( C( l2 C. A7 V! E[Connection to 10.1.1.23 closed by foreign host]
6 V8 A! H6 S2 J. s2 [9 ? r+ iR20#telnet 10.1.1.23 23; k7 q8 j" H+ z. z1 o
Trying 10.1.1.23 ... Open6 T4 L0 j& C0 Q- v% \
( X/ R4 J8 s0 N7 ~
User Access Verification
/ b3 A- V- n# @5 g2 GPassword:+ z! T% n0 o/ K4 n) C4 J" u
R23>exit
8 x& Q( Q) m, [[Connection to 10.1.1.23 closed by foreign host]
9 G, K% m$ K4 h' H9 {4 W, XR20#
8 S/ w+ V0 f+ g" |& e$ J//测试方法
5 `2 o9 \6 h' Q, T7 ]% b5 j+ |0 h3 e/ xR22(config)#do show ip nat tra0 [0 u- K9 J7 ]9 y5 A0 c
Pro Inside global Inside local Outside local Outside global
+ Q5 i) T4 s2 \. ~" @tcp 172.14.9.1:22209 172.29.7.5:22209 10.1.1.23:23 10.1.1.23:23+ B8 _6 |* s+ u2 D, C' Q
tcp 10.1.1.22:56248 172.29.7.5:56248 10.1.1.23:80 10.1.1.23:80
4 P' k2 ?6 M" m( C0 K) m. j; a4 MR22(config)#% @( T) D3 ^* X C7 q/ @
//结果输出; \ ~& d' k' s/ a! m9 C
7.touch off the EEM run when the R27 ethernet0/0 administration down.
$ W1 ]" t0 q' u* X5 H//这题的要求是当R27的e0/0手动shutdown之后,触发EEM执行no shutdown命令。+ n) d+ }$ A& o! H/ I* `
//首先我们可以先要知道手动shutdown了E0/0后的命令是什么。
7 _/ H+ L. P: U" k+ p. h; M2 vR27#show run | be event man! `! U! n0 _# A' T
event manager applet xx3 ]+ Z, i2 C0 q1 B' h3 k& S: e
event syslog pattern "down down down down"% K4 Z4 B+ N$ X# d
action 1 cli command "enable"
( K9 i/ F( }9 _, t8 s action 2 cli command "config ter"+ H9 p. a3 O$ ]* g
action 3 cli command "int lo0"
# e/ Y; b' x! E, Y3 I& l action 4 cli command "no shut"7 V, K4 g# F) q; y
!$ t0 u/ A6 {: ?: f- `
end
2 E7 `5 H& ]7 O+ _+ c1 \//这段EEM有有两个错误,一个是截取的内容,一个是进入的端口。, R% V$ A9 {6 r3 s7 [
R27(config)#int e0/0
8 W5 {6 M5 I, x1 T' X# g) N2 k8 RR27(config-if)#shut- C8 E0 y: x# j
R27(config-if)#
" j" `/ p, |- |( p6 t0 K*Mar 1 00:04:44.379: %LINK-5-CHANGED: Interface Ethernet0/0, changed state to administratively down+ R$ B1 g) E F- u9 n
//我们要引用上面一句话,所以通过这个方式来提取信息是最安全的。. m8 Z2 s! G& B; v' ?
R27(config-applet)#no event syslog pattern "down down down down"
Y" r1 y$ u( `7 p$ jR27(config-applet)#event syslog pattern " Interface Ethernet0/0, changed state to administratively down"
- h# `. o. k( s: ~4 PR27(config-applet)#no action 3 cli command "int lo0") e& G# H% L! ]/ V2 C
R27(config-applet)#action 2.1 cli command "interface ethernet0/0"
, `. G, m0 e* A/ ^/ e* v( k g//输入完后要no shutdown端口才能生效。: e, p5 ~, S: E3 E& g% W5 b
//接下来,我们进行测试。
9 }+ d' I: p$ d* v3 qR27(config-if)#shut
1 I' f: n" `8 |8 P6 j; N7 eR27(config-if)#
6 {' a9 B2 C! j) n*Mar 1 00:12:40.283: %LINK-5-CHANGED: Interface Ethernet0/0, changed state to administratively down
8 B9 z% t+ d* S$ Z5 m0 I# f*Mar 1 00:12:40.687: %SYS-5-CONFIG_I: Configured from console by vty0; b- {# ]: L$ J( d1 ?
*Mar 1 00:12:42.547: %LINK-3-UPDOWN: Interface Ethernet0/0, changed state to up6 s* t6 r$ k# K1 W3 Q, |4 h
R27(config-if)#/ C3 ]) [& Y6 B
8.R20 loopback0 can NOT ping R26 loopback0.
# ?2 T- X# l3 a6 A/ T/ V//先去R26查看端口的IP地址情况。4 {; y$ x+ Y( O5 b% _
R26#show ip int br0 ` S' G0 l- h" r4 Z6 x6 \
Interface IP-Address OK? Method Status Protocol
+ h3 V4 i3 M: W! HEthernet0/0 172.14.11.10 YES NVRAM administratively down down. [! R9 E5 ^' A, Z6 i9 @( f
Ethernet0/1 unassigned YES NVRAM administratively down down/ o- M5 l& E' }/ J. R
Ethernet0/2 unassigned YES NVRAM administratively down down& P+ C5 ?6 |6 \% `. p
Ethernet0/3 unassigned YES NVRAM administratively down down
- ]1 ]3 e4 S( {" rLoopback0 10.1.1.26 YES NVRAM up up + z$ d( w S4 [( ?6 K
Loopback100 198.168.20.1 YES NVRAM up up
4 c# \# Y# E9 h. W6 i0 m/ n& T( R, vR26#
0 G& a: c' T2 B5 o- w; |//把E0/0端口打开。2 \4 B1 T& \) d' r. |# Z
R20#ping 10.1.1.26
; e5 f+ a" B" s1 kType escape sequence to abort.- b" H' ^" z5 q0 U5 ^
Sending 5, 100-byte ICMP Echos to 10.1.1.26, timeout is 2 seconds:- |* t1 \7 r& `8 \3 I1 N& ]& t
!!!!!; u5 v1 f% H5 J4 j: s
Success rate is 100 percent (5/5), round-trip min/avg/max = 56/72/104 ms6 L; Y" h0 Y0 u: M7 q( ^
R20#
& G: g* i% G1 N! V& C: L6 x0 kR26(config)#do show run | be r o
/ V# X# e: [; ^; e$ b5 trouter ospf 100$ T1 e5 v4 Y6 G5 F
log-adjacency-changes! q1 x" F4 v2 h# Z
area 1 authentication message-digest
. T5 w2 W K5 f2 j area 1 nssa4 r1 o, i& U) Q0 o2 r
redistribute rip subnets route-map conn, I5 m. D. d; h
network 10.1.1.26 0.0.0.0 area 1, ~! f3 P% ~2 q
network 172.14.11.10 0.0.0.0 area 1
6 d! Q; N4 ]+ h; k& m S& ]; Uroute-map conn permit 10) M( u2 q4 @/ Q' q
match interface Ethernet0/2
8 b4 M: _0 \- p* d1 ~//RIP重发布进OPSF匹配了route-map,解决方法可以把Loopback地址加进去,或者把route-map删除。
- x8 _0 x' E; D( n+ K4 b/ IR26(config)#route-map conn permit 20. l4 z3 n* S$ q4 o$ Y: O9 D
R26(config-route-map)#match int loopback 100
) k( P% V9 D0 {/ C9 ]7 W- OR26(config-route-map)#exit
i: k8 E& O% V2 {6 B; x6 uR20#show ip route | in O E2
& t: i2 [! L- Z* f4 X% x+ J/ s6 iO E2 198.168.20.0 [110/20] via 172.14.9.2, 00:01:13, Ethernet1/15 O4 f6 n: u$ T( A1 `
R20#2 _; w# }7 N0 Q! t& A
R20#ping 198.168.20.1
6 c& m) s! }5 }4 ?# U; G. R% w" {9 R& [Type escape sequence to abort.
. e. e; K* d4 \; \+ lSending 5, 100-byte ICMP Echos to 198.168.20.1, timeout is 2 seconds:
5 P: U% q5 t9 v8 N7 c!!!!!
) J8 j/ Z6 U7 `% F6 aSuccess rate is 100 percent (5/5), round-trip min/avg/max = 24/45/100 ms
I/ F( [+ G) t2 N1 DR20#7 T8 g% T+ g+ f6 A) Y* v% h
9.R14 loopback0 can NOT ping R8 loopback0, fix it.7 Q) C# c) A; n. o
这题无法模拟,只有写出问题所在和需要注意的事项,最终参考“成都互联神州 超详细 Francisco” 的战报。
, C- ^) B& U# v* ^5 lR14 ------ SW2 ------ SW1 ------ R10 ------ R8
5 l1 O6 ]) l8 V# n! g7 ^6 E这是物理拓扑图的连接方式。
n/ ^- A# A; ~* }: x. @4 }7 |需要注意的事项。
' t$ _( O, t" J$ C. D1.VTP domain name (CCIE)2 D- d/ ~! @' y; |+ E0 C6 K' z9 [
2.VTP password (cisco)+ q% e/ _4 Q4 d2 R; I
3.VTP mode (SW1 Server; SW2 client)
; U5 U& e/ `1 P' l4.VTP (version 2)7 N! u% s8 S/ V+ V2 c- L' x) z) Q( I
5.VLAN号是否相同 (114)考试的时候不是这个VLAN号,或者说根本没有
# O" {) N. ~% E% `' F0 I) V5 R# r6.端口是否有加入VLAN3 Y+ O: G: s3 g: I
switchport access vlan 1149 t/ `9 M, h0 V: u" ~& X' N
switchport mode access1 z, Y0 H2 Z5 M: r1 _( {$ Z8 E
7.SW1 和 SW2之间的模式 (trunk)+ D' I) ^' z+ ?* Y5 Z1 M" K
switchport trunk encapsulation dot1q8 t) l6 {2 X8 A. A6 l3 X
switchport mode trunk+ U+ c# L& j: m# K2 m" k: V! m F
$ `' F* A: _ o1 R/ B10.Match precedence 5 with R11&R12 to R7&R8.
k5 ?! I, r; j# W9 H! |7 r. m3 ZR9#show run int e0/2* ^: ], M* B! N+ d1 K
interface Ethernet0/22 P/ c# r" k0 D1 v4 u- ^
ip address 10.10.10.29 255.255.255.252
( w1 o( B! u5 z' s rate-limit input 8000 1500 2000 conform-action transmit exceed-action drop6 S6 a; p' @0 p8 k5 k7 _. k3 y
ip policy route-map PBR( Z/ \$ c+ o/ N! B: I# ~) S- C
half-duplex
" C7 b0 j, V3 K) E9 L" |) t service-policy output xx) }( V& J6 M+ t2 ~% i; c
end0 p2 D+ H+ t; _! x% @* O6 ^0 L0 z8 h E3 a
R9#show run int e0/0
0 }2 y- p ]2 H- I) minterface Ethernet0/0
- a9 m5 G# W! u/ P, _$ l: j ip address 10.10.10.37 255.255.255.2529 s) U5 a' o$ W' D( n3 t
ip policy route-map PBR6 }; C8 N+ P$ U6 k( `
half-duplex
- M/ A) \. k9 t) v8 n3 f5 \end
2 W3 p, \0 c- v( a4 y+ v' x3 L//端口上有流量限制,route-map policy-map的限制
1 {9 m* s P, P. n/ f//检查各列表的匹配情况4 I; h. l' s% z W2 Q# Y
//把所有的配置都完善一下,并且把下一跳限制取消。' x) z+ f; G! M/ S1 o
//access-list 100 是匹配 class map ---- policy-map ----- 再应用到接口上/ T! c- J, _" I& K' z$ I. L
对于E0/2的端口,就只是抓R11的路由。 P d& m( \5 z/ t
对于E0/0的端口,就只是抓R12的路由。9 u' {$ L4 o1 O; T+ [# O5 o+ i; `2 V/ F
这题正常的配置和测试方法应该是:
/ [9 v2 x1 k( oR9:
7 n/ |/ I {1 Aip access-list extended R11$ h. V5 x( A2 x1 P- u: V: O! G
permit ip 10.1.1.11 host 10.1.1.8 precedence critical9 l# a! T* }7 `6 |0 d$ r
permit ip 10.10.10.30 host 10.1.1.8 precedence critical Y# Y& x8 e( q/ G# U$ L1 O, w
permit ip 10.1.1.11 host 10.1.1.7 precedence critical0 z) D9 N0 y1 ]; E' f8 @ u: k
permit ip 10.10.10.30 host 10.1.1.7 precedence critical
1 D5 Z9 S: H0 ?/ W1 Pip access-list extended R124 T# l/ Z( Z: R7 {3 [6 X
permit ip 10.1.1.12 host 10.1.1.8 precedence critical& F; \1 G1 a% z) a$ l+ R( A& q
permit ip 10.10.10.38 host 10.1.1.8 precedence critical
; p5 k% W+ R9 E" k permit ip 10.1.1.12 host 10.1.1.7 precedence critical; e. ]% w: u. k) N3 G
permit ip 10.10.10.38 host 10.1.1.7 precedence critical
! c5 n) x( s% Fclass-map match-all R11! C+ q5 a7 H7 ~, t! v
match access-group name R11
' ~7 k" Z5 P+ c1 @9 `4 Hclass-map match-all R12" O' }0 w/ @. A3 ]3 ] \6 [
match access-group name R12
+ P- u2 I& D0 T- z8 Q, @3 o6 Kpolicy-map R112 a3 N- Z( f7 z$ o+ @$ D' s! y
class R111 A/ O. a/ z) I& {, S9 y& I# M
set ip precedence 53 t6 D. V l; [ t
policy-map R12- h! c3 {$ k- y# D H
class R126 @! r' s8 a5 e$ Z2 C; M
set ip precedence 5
5 U o8 Y1 ?7 Iint e0/2& h4 K0 P8 K3 ]1 i% b: C2 Y" b+ {& [/ V
service-policy input R11
0 L2 t5 @! f. h3 w/ U' Qint e0/0
) D5 M O# Y5 o, v6 S* E% k. A h service-policy input R12
9 H7 m( l4 m+ v; O; |//配置完后进行扩展ping测试。
7 l H6 \$ W. N+ uR12#ping/ W: b5 C. `8 {; l" U
Protocol [ip]:
: F" R5 |# c6 O* L1 J+ OTarget IP address: 10.1.1.8
8 k$ A% W* y8 E3 r: R$ yRepeat count [5]:
- i" z" O+ J' X$ K8 @Datagram size [100]:5 j4 X# }1 k0 A
Timeout in seconds [2]:/ X: B* t" K( [' L* ^
Extended commands [n]: y
" o5 H1 y/ ~5 ]7 Y! A. {Source address or interface: 10.10.10.38
" z. y/ S( J: S2 W7 |( F( k$ [3 ~7 m* MType of service [0]: 160
% r/ {6 C; a1 ~. TSet DF bit in IP header? [no]:, J# M# A3 Q# q1 c8 [- o+ A" ]
Validate reply data? [no]: R" N- S1 {6 Z& A& A
Data pattern [0xABCD]:% A6 v$ _" h8 F4 O9 G( b; q9 P; a
Loose, Strict, Record, Timestamp, Verbose[none]:
' O1 Z2 f5 X' r8 _5 G- P& ?$ _+ kSweep range of sizes [n]:
) U& k2 B& z2 b- X, ?/ G6 [Type escape sequence to abort.
* L ~! W: I U! b" dSending 5, 100-byte ICMP Echos to 10.1.1.8, timeout is 2 seconds:6 ?* s$ L8 h/ V
Packet sent with a source address of 10.10.10.38
" E6 g8 w5 ]1 ^) q!!!!!
+ c I8 V7 X: ^4 e' uSuccess rate is 100 percent (5/5), round-trip min/avg/max = 48/57/80 ms& e0 \! m/ k- a( n" t- w0 A
R12#* a1 P' `6 f: ~
R9(config)#do show policy-map int e0/0
1 F$ n* n& j0 m& z; o Ethernet0/0
1 j$ ?) I4 H- x, n7 h Service-policy input: R12
; _1 N. `6 i, {) x! g Class-map: R12 (match-all)
' Z1 _2 ?. a" ]. e0 c# G 0 packets, 0 bytes
4 S0 ~) E* Z% I$ T; b 5 minute offered rate 0 bps, drop rate 0 bps* `, d. ?$ b8 Y7 {* y, u0 Y
Match: access-group name R12
! B$ l! r k+ K+ o6 Y4 ]5 J QoS Set
2 c5 W$ e2 ~. F' U9 U; F# g: ^( S precedence 5& T, {) ?8 L. {5 K8 ?) F
Packets marked 5
1 {; @$ a6 N* F" M' h) I+ t7 z Class-map: class-default (match-any)
/ q, ]) V5 z @$ l$ G; w 111 packets, 11298 bytes5 W8 o5 l* Q# C0 _+ z
5 minute offered rate 0 bps, drop rate 0 bps8 z0 D6 d6 Z( a" u; D/ e+ O: l- i4 p
Match: any
; Q* v9 `# G" ]+ H" AR9(config)## j) ]9 ]5 k& v }! S
R9(config-ext-nacl)#do show access-list
9 b) E1 B; ?% _& d8 M: A, ]Extended IP access list R12
7 k6 i; A2 E8 b8 U5 }4 q6 I8 u: ] 10 permit ip host 10.10.10.38 host 10.1.1.8 precedence critical (5 matches); e! F% C2 h: W3 F1 l
20 permit ip host 10.1.1.12 host 10.1.1.8- \' |2 l n' b: Z' r- Q" m
30 permit ip host 10.10.10.38 host 10.10.10.211 Q4 `8 p+ h, c$ ~! W8 j
40 permit ip host 10.1.1.12 host 10.10.10.21- K4 ^8 z: C0 k
//把剩余的所有IP地址都匹配上,然后进行测试。
3 B4 ~6 r& V! a" C5 c7 W
4 w# a9 Z* `( Y4 r1 {-------------------------------------------------------------------8 f7 k( Y" `) M" h9 ]+ }
cos$ f! ], D w. s3 t1 L( R
000000 routine (0) 0
( X, R* P! [3 C! _4 V& ^& r001000 priority (1) 322 I% c; e. T6 P
010000 immediate (2) 64
* c7 ?; T# Y$ ^011000 flash (3) 96
# x" ?6 S$ L1 t4 n100000 flash-override (4) 128
' \/ [2 q3 Y( `* O9 M4 h101000 critical (5) 160
& A* u6 F, N& X110000 internet (6) 192/ L9 q4 F1 i/ Q p2 j: G
111000 network (7) 2248 B! C4 c% V0 U" A
TOS 前3位
/ [) c- E* N; l5 c2 i8 V$ A5 D9 {5 iDSCP 前4-6位
7 f! r% f* T8 |; z- r5 D' E \1 {. d, ^* k0 ^
$ E# n# M; S) P2 Q
9 @$ O# K0 z( g$ T& Y3 O
, A& I* \% f0 g! T- W
! G4 ^7 U) x, Q
2 X! a% {: {2 z i9 m; t; D b
0 x. a; ]8 X; b# ]7 j) ]/ g5 E) X: Q! A+ s g' v: O
g( p8 M" z8 p/ Z0 Z$ L1 e
4 p! D0 p& \, o TS2
2 s, {3 M3 E3 @4 G# B# Q4 `//部分路由器编号不对应,请参照正确的拓扑来查看。
' N. b5 m; ^ I; w1.R31 & R8 should established security BGP neighbor.
; \$ A% A* l* }" q2 c" G9 U4 `7 M+ Y//打开路由器后,直接就收到了MD5密码不匹配的消息,查看BGP邻居关系,并查看show run 的BGP密码匹配情况。3 H- O7 B. v$ D4 `' R! I# c
*Mar 1 00:07:30.379: %TCP-6-BADAUTH: No MD5 digest from 10.1.1.8(179) to 10.1.1.31(45688)/ W4 v. m0 \; B- p* D! _; \
RACK30R31#4 q, P' P* X1 e7 Z& B
RACK30R31(config)#do show ip bgp summ
: T' w7 F. w3 O. J6 b1 ^6 SNeighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
. Z5 u$ P$ i3 e7 {10.1.1.7 4 200 14 14 2 0 0 00:10:13 1
$ d! K, e% A! c10.1.1.8 4 200 0 0 0 0 0 never Active1 Q1 H+ r1 p" v6 R
10.1.1.30 4 200 0 0 0 0 0 never Active# r/ D' H. ^) O! r* o
RACK30R31(config)#5 U& D" D9 L' W+ Y
//确认BGP是否无法建立。 ?# W" e( c4 K
RACK30R31(config)#do show run | b r b
: D; B, Y8 S) X% N( c; Z9 Urouter bgp 200
2 j/ M6 t( }# i( A6 R& p% F. G no synchronization* e" n+ O- a5 X; a1 M- P$ w
bgp log-neighbor-changes" s# U ` b, O* m5 R" i/ j
neighbor 10.1.1.7 remote-as 200/ X0 \# ^9 h) y" G i3 @
neighbor 10.1.1.7 update-source Loopback0" ~, S5 _8 E, X' O! C6 Y
neighbor 10.1.1.7 route-reflector-client
3 T9 \0 l+ {+ D" s6 n- d; l neighbor 10.1.1.8 remote-as 2006 _, n# N! Q; r
neighbor 10.1.1.8 password cisco; r3 s: Y6 e7 g% _. g* B
neighbor 10.1.1.8 update-source Loopback0* j- D& y4 K' @
neighbor 10.1.1.8 route-reflector-client
4 L/ o; O. \7 l neighbor 10.1.1.30 remote-as 200
- t) d- D3 [% x v. E" b neighbor 10.1.1.30 update-source Loopback0+ n9 F5 }3 ?& L P2 w9 h% l
no auto-summary
0 |5 K, N2 T8 @//R31对邻居R8配置了密码。去R8上查看密码是否匹配。4 B6 r: G% c6 z# ]+ |4 X/ l
RACK30R8#show run | b r b
1 v( G, s( H( C/ ]router bgp 200
) d) }1 m- J" ~. \7 S0 Y4 x' C/ B no synchronization5 y t J& v5 G/ `+ C1 q; v
bgp log-neighbor-changes# I$ k# j5 M6 Z1 ^3 Z' r5 T6 W4 T
neighbor 10.1.1.31 remote-as 200; S% }% q6 @+ l o/ {& |+ n/ Y+ I
neighbor 10.1.1.31 update-source Loopback0, B2 B: |8 O; G5 `" P& p! m/ c! K% l
neighbor 10.1.1.31 next-hop-self
' i& O9 J2 u1 }+ }. v: r. Y neighbor 10.10.89.29 remote-as 300
$ V1 @- ~% U; f no auto-summary
% Q* e( L% e: v//R8上没有对R31配置密码,进行配置。
$ ~; t: O! f; _+ F I) R4 @RACK30R8(config)#router bgp 2008 Z( `0 m$ `) N( e0 J' c1 B0 b$ t
RACK30R8(config-router)#neighbor 10.1.1.31 password cisco
, V# D$ o, U- \RACK30R8(config-router)#
- d) J( w$ g* E7 B9 z4 R! V3 ~*Mar 1 00:22:38.127: %BGP-5-ADJCHANGE: neighbor 10.1.1.31 Up
" Q- h# T* L f( m, ZRACK30R8(config-router)#, q! l( z" C- u
//基于题目的要求,安全BGP,所以对两台路由器BGP所配置的密码进行加密。3 U" Z- X, C5 b& s
RACK30R8(config)#do show run | b r b
6 Q7 J7 l" V) O! Mrouter bgp 200
+ G: P" _' w3 ]( G: w8 S+ @$ e" _ no synchronization
2 w- O" {! x4 t/ B. \ bgp log-neighbor-changes
+ @8 x6 ~' [; j. W* O neighbor 10.1.1.31 remote-as 200
/ T+ g: l1 I' b# e/ w neighbor 10.1.1.31 password 7 00071A150754
' z u( g- A; P( z' ^2 y3 A neighbor 10.1.1.31 update-source Loopback0
1 S/ c0 K2 d% K: u" |+ q neighbor 10.1.1.31 next-hop-self, u- @( g2 [. ]" ?5 M5 T, T- A
neighbor 10.10.89.29 remote-as 300+ ?, G0 s1 h* k' Z' D
no auto-summary9 u4 k3 j M# K: h z9 J
!
3 g% @( B; W- wRACK30R31(config)#do show run | b r b+ B; ~1 D/ K- w7 @% ]
router bgp 200$ s/ o2 G- ~! R( l( P6 E2 @
no synchronization* M& F0 F* Q1 @8 Z0 F
bgp log-neighbor-changes5 X& n- h1 Z: C9 n
neighbor 10.1.1.7 remote-as 200
) N, `: @5 |- j1 g3 P- s& a# Z neighbor 10.1.1.7 update-source Loopback0
5 ~$ ]* P$ S. B1 v- @ neighbor 10.1.1.7 route-reflector-client3 W: `% f; A) j$ e* B. @3 G
neighbor 10.1.1.8 remote-as 200" |, t8 c# A3 W- h
neighbor 10.1.1.8 password 7 045802150C2E
" i- y6 A) D* h) o neighbor 10.1.1.8 update-source Loopback0! ]/ |, S, l$ z7 Q; Q
neighbor 10.1.1.8 route-reflector-client
- h# s( k$ y- p neighbor 10.1.1.30 remote-as 200
: e5 X& r. ]2 _2 q neighbor 10.1.1.30 update-source Loopback0 v6 |0 X4 [4 b' q
no auto-summary8 A1 k! E$ M+ O1 C) }: i; ~
!
& r+ ~7 h" H1 d
& g; O8 q7 {3 x* l6 t) f2.R2 loopback0 should ping 10.1.1.27 (use one command and same device to fix it).! N. B( F5 s6 @1 | H
RACK30R2#show ip pro
% _, p+ ]& W/ s2 K$ W' vRouting Protocol is "ospf 1"
, ^2 W2 @/ C3 V$ g Outgoing update filter list for all interfaces is not set
m, J) e' H/ L' Z Incoming update filter list for all interfaces is not set
- R4 J, g4 A' J7 v Router ID 10.1.1.2. L$ t. h) u+ }; Q5 \! i( Q
Number of areas in this router is 1. 1 normal 0 stub 0 nssa, d0 p2 U4 H6 L) m% u; Q" E" r7 J4 w
Maximum path: 4
( n1 }, r, @8 e Routing for Networks:% \$ E* H; b" B% S- d2 a
0.0.0.0 255.255.255.255 area 2
. D" X2 H* ^. f% r1 } f- u$ M Reference bandwidth unit is 100 mbps
/ I6 Q& A7 a5 S4 q! [6 W" d1 ] Routing Information Sources:
7 ? R4 z1 ] X: M) s. s0 a Gateway Distance Last Update
- V7 F- z1 }& ~8 K! ^5 y# B. u Distance: (default is 110)# N/ c$ }' z! ~2 k2 a
RACK30R2#
( X" ~1 g, u$ g& T% hRACK30R2#show ip ospf nei, L$ J" \8 R3 U+ K3 b& x" D9 i; a2 F2 @
Neighbor ID Pri State Dead Time Address Interface. b/ Y$ ~) q$ K# j: i
1.1.1.1 1 FULL/BDR 00:00:38 10.10.123.3 Ethernet0/09 _% w( @4 \: {/ M$ u+ V
RACK30R2#
6 S9 d8 X( G7 O' z& s4 }RACK30R3#show ip pro w6 H5 Z! j' T8 @
Routing Protocol is "ospf 1"9 a% r/ b F D+ T
Outgoing update filter list for all interfaces is not set
9 N0 {2 e$ r0 _; s' E Incoming update filter list for all interfaces is not set7 L. U0 o5 E" g0 b0 f. }9 A
Router ID 1.1.1.1* {( R: ]/ N6 q1 z
Number of areas in this router is 3. 3 normal 0 stub 0 nssa- b0 ?. e3 j, U9 {' S4 Q
Maximum path: 4" g* y5 b. P5 ~/ b. F( L
Routing for Networks:6 u; y1 C# u6 L$ A# ^
10.1.1.3 0.0.0.0 area 1
. K$ f m) P* a6 D* E- A- A 10.10.35.3 0.0.0.0 area 1
8 s$ z, q- W) f2 L6 L% Y 10.10.123.3 0.0.0.0 area 2/ `: M# I4 Z6 m* d6 ~
Reference bandwidth unit is 100 mbps
. l( o9 g& ^6 ~. U Routing Information Sources: u! d% _/ I1 ]
Gateway Distance Last Update0 R/ j) X" B2 f# d' N
10.1.1.2 110 00:32:06 L+ @ ~% e$ a
10.1.1.5 110 00:31:56
C8 C1 I$ _: D! E$ y Distance: (default is 110)
+ F. S. ?3 @( W4 r6 [RACK30R3#show ip ospf nei
) \/ e3 p; B! y2 y( W& `# o: K0 t, ENeighbor ID Pri State Dead Time Address Interface8 L. e4 D" u- f2 ]$ _6 I; A
10.1.1.5 1 FULL/DR 00:00:35 10.10.35.5 Ethernet0/0
2 }+ S) p( \3 t& f% V/ u10.1.1.2 1 FULL/DR 00:00:35 10.10.123.2 Ethernet0/1! s* U; t7 B% x
RACK30R3#
& B* G" _9 E4 T, ?1 N6 x//R2已经成功和R3建立了ospf 邻居。并且R2e0/0和R3e0/1的是属于OSPF区域2,R3e0/0之后是属于区域1。
% c+ V2 w: `0 k; b* f//OSPF区域1和区域2要通信,则需要通过主区域0来进行。 ]' u/ A( Q( r6 P @
//再经过查看,可以发现拓扑是这个状态:区域0(R8----R6)---- 区域1(R6----R5----R3)---- 区域2(R3----R2)
/ a* E: T5 ^, o9 ]//那么区域2要和外部通信,或者要和区域1通信,则首先应该和区域0建立虚链路。
' B: n7 p9 Z- V& L3 ?9 o//在做虚链路认证的时候,一般还要做区域0的区域认证,但是现在R3却没有成功和区域0的R6建立虚链路。
. z" }3 K; I9 g/ D/ g6 ~1 N去R3和R6上查看命令配置。
. a j" Z7 Q T) K% t0 C
9 P5 \4 |8 D( L: Z S! HRACK30R3#show run | b r o" R4 L( d: Y0 o9 D( M# g/ O( i
router ospf 1
+ E Z1 A, O5 J9 C* O v router-id 1.1.1.15 n1 i# c+ a5 m/ Y) a" E( a
log-adjacency-changes, f& r6 ^" y6 \4 b6 n7 [
area 1 virtual-link 4.4.4.4 authentication message-digest
& `7 O, t) _8 m: L: G area 1 virtual-link 4.4.4.4 message-digest-key 1 md5 cisco
/ t- g0 v& B. Q4 f network 10.1.1.3 0.0.0.0 area 1+ ` y+ j' I. h( J% l+ h3 S
network 10.10.35.3 0.0.0.0 area 1
- \4 a) Q0 w9 Z network 10.10.123.3 0.0.0.0 area 2
' }0 x6 n& R4 L: O; ]% U& g!, ~3 S3 T& P9 a; Z
RACK30R6#show run | b r o, \, v% K: s+ F) A7 E' Q
router ospf 1
# R0 ]- r4 y6 O& U router-id 4.4.4.42 y+ f2 L U# N p- y
log-adjacency-changes$ o/ L7 ~$ ~% } Y7 ?
area 0 authentication message-digest
u# ]% ^8 `9 E area 1 virtual-link 1.1.1.1 authentication message-digest7 a. D2 `* o$ l+ M
area 1 virtual-link 1.1.1.1 message-digest-key 1 md5 cisco( F- ^. Y: L4 r$ H% l
network 10.1.1.6 0.0.0.0 area 0
! O" J6 G" c3 ^" M; n" w network 10.10.56.6 0.0.0.0 area 18 `6 W5 |: r* s6 u# p
network 10.10.68.6 0.0.0.0 area 0
/ S3 S0 W4 a+ Z7 v" b3 b KRACK30R8#show run | b r o* c% [1 l& t* n$ c/ |
router ospf 1) h" @' j5 T. A# H0 o. v
log-adjacency-changes0 u- a) \! m. E. U7 {4 W: L
area 0 authentication message-digest4 C9 D# G( d6 Y8 [! X S
network 10.1.1.8 0.0.0.0 area 0
3 _9 P( b6 ~7 k" s; ?! o network 10.10.68.8 0.0.0.0 area 0' s* _6 E# ]; F% b9 k' }+ ~0 n F# f" o
RACK30R6#show ip ospf nei3 t2 p! P+ J, R/ Y M* j- L2 Y% g
Neighbor ID Pri State Dead Time Address Interface
# t' Q1 V D. Y5 s3 c% D10.1.1.8 1 FULL/DR 00:00:31 10.10.68.8 Ethernet0/0/ m% f- C1 q) ]0 S
10.1.1.5 1 FULL/DR 00:00:39 10.10.56.5 Ethernet0/1! I! O1 ^7 [4 c7 O
RACK30R6#
! r1 `+ m$ |$ G# zRACK30R5#show ip ospf nei6 K) P* z' I9 k+ m" Q6 }
Neighbor ID Pri State Dead Time Address Interface9 U' P, x9 [$ C1 B6 [* x
1.1.1.1 1 FULL/DR 00:00:32 10.10.35.3 Ethernet0/1/ w* B# Y1 x0 W1 U
4.4.4.4 0 FULL/ - 00:00:34 10.10.56.6 Ethernet0/0
* M8 ]' v' `6 _! C8 I) ]3 gRACK30R5#5 Z* W7 {' y+ W2 G3 B( t4 q
//我们可以从这里看到,R3和R6已经配置了虚链路认证(为了确保密码没问题,可以重新配一次)。! C: o, _# x3 M* m" { B) b( j
//R6又和R8建立了区域0的区域认证。
! H+ l" K$ v# l. \) m3 j. ?1 \& t7 s% i//目前的状态是R6和R8、R5建立了OSPF邻居;R5和R6、R3建立了OPSF邻居。6 y3 D {4 D1 f. ~ F, s |
但是大家有没有发现一点,为什么R5在连接R6的时候会没有选举DR和BDR呢?# t' t0 |9 u5 ~9 d
//我们去查看一下R6和R5的连接状态
v8 ^6 V2 ^ p5 z8 E! |4 v5 I" R4 B5 c8 P1 Q" I
RACK30R6#show ip ospf int e0/12 H" H4 Y$ T h8 b4 }" o
Ethernet0/1 is up, line protocol is up
; _/ K8 m- M/ y% I" N2 r$ O, ?! z Internet Address 10.10.56.6/24, Area 1& a! {# {) o& i
Process ID 1, Router ID 4.4.4.4, Network Type BROADCAST, Cost: 106 u# |. b* M. ]* ]& w( ^- f
Transmit Delay is 1 sec, State DROTHER, Priority 1
/ l; b8 X3 O# D Designated Router (ID) 10.1.1.5, Interface address 10.10.56.5
; @+ A# g8 R0 [/ R5 W Backup Designated router (ID) 10.1.1.5, Interface address 10.10.56.5
) R( \+ H5 \9 e7 ~/ H7 C Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 52 K0 b# w9 V3 }7 |, ]: ^! ?2 w
oob-resync timeout 40
* T( A& e, I# p% h( ~ Hello due in 00:00:01* F) f' s# x: m: A( w0 a
Supports Link-local Signaling (LLS)& e$ z1 o0 U- l' h$ k) l: N8 e8 N: a
Index 1/3, flood queue length 0, C' U! Q# {) M0 U2 Z
Next 0x0(0)/0x0(0)# ^! m# j q" y+ m: y+ J( D1 R
Last flood scan length is 2, maximum is 3; u4 [$ ~9 v5 [ v0 t6 ~% v
Last flood scan time is 0 msec, maximum is 0 msec
& U% w7 X: J9 c4 i: O& y: W Neighbor Count is 1, Adjacent neighbor count is 1
- K4 u7 C9 O0 R Adjacent with neighbor 10.1.1.5 (Designated Router)
/ V) t% z! Z g" x2 p! s) B Suppress hello for 0 neighbor(s)9 a, e( i/ t2 s3 @
RACK30R5#show ip ospf int e0/0# j6 |" [& R! d9 x5 x2 T( L
Ethernet0/0 is up, line protocol is up
6 L2 Q9 B! v+ U. s ~8 C ~ Internet Address 10.10.56.5/24, Area 1- c8 _$ n# A, H# r9 R' V( X; |' I
Process ID 1, Router ID 10.1.1.5, Network Type POINT_TO_MULTIPOINT, Cost: 10
7 \% K) g2 m2 Z I Transmit Delay is 1 sec, State POINT_TO_MULTIPOINT,
9 [. F! y2 r8 L2 _( @2 J Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
% O7 K$ l# A% e. B5 G oob-resync timeout 40 D# @) G) |3 c4 \" J m
Hello due in 00:00:07
; H& g9 G, d1 [/ a# v$ e4 J5 c4 J m1 Y Supports Link-local Signaling (LLS)1 m, q h1 k6 B# F4 V9 x- D
Index 1/1, flood queue length 0
; Y- ^( o5 `, p' Y- P3 e7 v0 z1 e Next 0x0(0)/0x0(0)* v& F" R7 _3 R3 M
Last flood scan length is 1, maximum is 1& ?& ?3 o8 R; d+ ^3 O/ b6 L
Last flood scan time is 4 msec, maximum is 4 msec
, O1 z+ m, C2 f7 b0 E Neighbor Count is 1, Adjacent neighbor count is 1
\, U6 B1 R0 f ~; p Adjacent with neighbor 4.4.4.42 W. L& f# u" G' y' ]0 e* k2 T% N5 a
Suppress hello for 0 neighbor(s)1 i3 }. M; C& q% c# I
//从这里,我们可以知道R6之所以和R5建立了OSPF邻居是因为R5的Hello dead time 都可以和R6匹配。0 |4 I- |) `8 q+ _4 {) Z
//插句理论:
7 e' x( H/ y* c3 q/ f0 F4 L8 ]2 V 点到多点的特性:3 }* T' H% m8 @/ c! [0 t
1.没有DR概念6 @- ?) B7 `7 d9 p
2.不需要定义邻居,属于完全邻接' H. u A0 \0 `! T# l
3.整个网络使用一个子网2 p C7 q+ y5 ]. T( }- I7 ]9 N
4.Hello 30 dead 120 wait 1208 h8 b" e3 S4 m+ J& W
//所以在这里因为R5的定义,使R6认为自己有两个DR,一个是R8,一个是R5,导致虚链路无法正常建立。
% p9 y( @3 ]4 [" A* e3 t- mRACK30R5#show run int e0/0+ y+ {' s0 @' S) m, p* v
interface Ethernet0/0
3 {! K1 E2 u7 o& A ip address 10.10.56.5 255.255.255.0
7 o% U/ t/ O6 ^5 W( x# X/ S ip ospf network point-to-multipoint5 t9 I; B/ B3 E* s8 T3 p, ]! M( _4 n
ip ospf hello-interval 103 \, @4 C- l& j2 u9 |2 X0 x* O
half-duplex, a9 l! O b; [# }. Q6 o
end
1 B3 r+ J8 Q; l, [9 T1 x! KRACK30R5(config)#int e0/09 X2 B" r3 Z& \& o6 t3 ?
RACK30R5(config-if)#no ip ospf network point-to-multipoint
/ y5 T) B4 r& b: I, ?! j- [0 [% U/ xRACK30R5(config-if)#
2 @# K, }" U9 u. c Q; ?*Mar 1 00:22:35.471: %OSPF-5-ADJCHG: Process 1, Nbr 4.4.4.4 on Ethernet0/0 from FULL to DOWN, Neighbor Down: Interface down or detached
4 c4 L5 ~# X7 r) k*Mar 1 00:22:35.631: %OSPF-5-ADJCHG: Process 1, Nbr 4.4.4.4 on Ethernet0/0 from LOADING to FULL, Loading Done
' y1 S$ Z5 a; ]7 m! B/ A. sRACK30R5(config-if)#do show ip ospf nei
5 }9 A3 i. _# ?& d( FNeighbor ID Pri State Dead Time Address Interface
3 |2 Q1 ~3 Z B4.4.4.4 1 FULL/DR 00:00:38 10.10.56.6 Ethernet0/0
9 r9 E' [) Q4 `# K, `5 D1.1.1.1 1 FULL/DR 00:00:36 10.10.35.3 Ethernet0/13 R3 `- _2 X/ d# e+ \ k
RACK30R5(config-if)#% r6 x% ?# e2 E
//更改过来。
" X# [+ m1 d" [: P7 G: ]3 S4 R* j# j% ]RACK30R6#1 n5 ^7 ?7 P2 `) |! y( `9 q d
*Mar 1 00:22:35.267: %OSPF-5-ADJCHG: Process 1, Nbr 10.1.1.5 on Ethernet0/1 from LOADING to FULL, Loading Done
' D( O& K8 _: J: i& J1 p0 TRACK30R6#show ip ospf nei
. s( f8 ~: s' Y: N* l*Mar 1 00:22:50.891: %OSPF-5-ADJCHG: Process 1, Nbr 1.1.1.1 on OSPF_VL0 from LOADING to FULL, Loading Done* V9 R v c+ G& Y% S
RACK30R6#show ip ospf nei1 K# d2 b G, X$ p5 S
Neighbor ID Pri State Dead Time Address Interface
1 H( ?& _* k& u6 _, N10.1.1.8 1 FULL/DR 00:00:39 10.10.68.8 Ethernet0/07 N" Z# p. @: \/ I% x& a
1.1.1.1 0 FULL/ - - 10.10.35.3 OSPF_VL0 U0 X. A% }8 p5 |1 `
10.1.1.5 1 FULL/BDR 00:00:37 10.10.56.5 Ethernet0/1, c* z6 U# L( I: _ B1 T
RACK30R6#8 J' Q5 r- n7 O" U. @' j/ s- s
//R6重新进行了DR和BDR的选举,并且成功和R3建立了虚链路。去R2上查看路由情况。
1 l" F( K* d2 l: d5 }! U6 s; V0 ~( t9 d
RACK30R2#show ip route/ V* S5 Z- S2 w# } Y" I
10.0.0.0/8 is variably subnetted, 10 subnets, 2 masks
; i; w( W) b9 ?! a; q5 A' {" zO IA 10.1.1.8/32 [110/41] via 10.10.123.3, 00:05:16, Ethernet0/0
2 D, p* [; @ [7 T% c% NC 10.1.1.2/32 is directly connected, Loopback02 r# X$ z* K) V( }
O IA 10.1.1.3/32 [110/11] via 10.10.123.3, 00:05:25, Ethernet0/08 w1 B! v" n* g' y: i- M3 d" I
O IA 10.1.1.6/32 [110/31] via 10.10.123.3, 00:05:16, Ethernet0/0
7 s% [- Y" r% Y& M8 mO IA 10.1.1.5/32 [110/21] via 10.10.123.3, 00:05:25, Ethernet0/0( Q( c$ F' t: ]
O IA 10.1.1.27/32 [110/11152] via 10.10.123.3, 00:05:16, Ethernet0/0 D6 k0 I* e" P9 d
O IA 10.10.35.0/24 [110/20] via 10.10.123.3, 00:05:25, Ethernet0/0
( |) C' R; ?& |4 @O IA 10.10.56.0/24 [110/30] via 10.10.123.3, 00:05:25, Ethernet0/04 z6 e; x# {/ w- R b* ]
O IA 10.10.68.0/24 [110/40] via 10.10.123.3, 00:05:16, Ethernet0/02 S' i% }1 J- }2 F
C 10.10.123.0/24 is directly connected, Ethernet0/0$ o! a/ l, H: Z$ C5 }! E3 y3 S( O; E9 ]' r
RACK30R2#ping 10.1.1.271 c$ k& S: O+ I+ l ~% Y2 e% q5 S
Type escape sequence to abort.
6 |" C8 E3 l- k3 H* KSending 5, 100-byte ICMP Echos to 10.1.1.27, timeout is 2 seconds:
3 j6 r- K; v$ X$ }% {; e, W# i+ I!!!!!
& Z0 G' n9 }, P2 w( I* i4 w$ ], H- qSuccess rate is 100 percent (5/5), round-trip min/avg/max = 36/77/104 ms3 N' @( f/ b1 z
RACK30R2#
8 ~7 \% M; e0 U' t H//R2已正常学习到了来自R27的Loopback路由,并能正常通信。(达到了要求,只用一条命令来解决这个问题)0 X0 n8 D2 Q% g- O
3.Source R27 10.1.1.27 should ping destination R18 loopback 1.100.100.100.. ]% E& j5 B. [0 Y c
RACK30R27#show ip bgp' ]* H! J |' l8 d5 y& [
BGP table version is 4, local router ID is 10.1.1.27% T& C; r) U8 W6 P* f) J2 Y! p8 ~
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
; O Z0 ~- @: Z( w9 A r RIB-failure, S Stale3 E7 q7 q( Y% B" i) c8 X9 T! W
Origin codes: i - IGP, e - EGP, ? - incomplete' ]* ]" ~8 a" w0 V# `1 A1 R
Network Next Hop Metric LocPrf Weight Path$ C+ P1 _3 f6 `3 {5 f) m
*> 10.1.1.27/32 0.0.0.0 0 32768 i
# A9 {; f0 W0 D6 lr>i10.1.1.31/32 10.1.1.28 0 200 0 200 i; ]5 @% b6 \4 E4 a
RACK30R27#
. M' R" h0 T$ b s6 _2 D3 m2 W4 C//我们可以看到R27无法收到来自R29的IBGP路由,并且路由到了R31就就无法在走下去。2 Q$ o) C$ e$ I5 T' _0 Y$ e, P! m
//R28调整了local-preference, 但是这不影响路由的接收。
/ P1 B6 ?) u- U* k//去R29上查看邻居建立情况,去R31上查看邻居建立情况。" A" E: ~! E, c3 b: T% v8 J
RACK30R28#show run | b r b' r% B+ \' R4 ^4 Y# z
router bgp 3005 I, k0 ~4 x+ y7 f, O; t6 Z/ A5 g
no synchronization
5 u+ H' X$ S$ _' u/ T4 O9 q$ V1 C+ d bgp default local-preference 2004 P1 S, a3 K8 Q# g1 b
bgp log-neighbor-changes D1 w1 Q3 }; n7 f
neighbor 10.1.1.27 remote-as 300
0 d0 M! d& [; Q neighbor 10.1.1.27 update-source Loopback0+ A+ Q3 J+ L2 C2 K5 N
neighbor 10.1.1.27 next-hop-self; n! }% @3 O: A- x# }2 f' z
neighbor 10.10.78.7 remote-as 200
$ D9 `6 U g% o5 p6 L. N7 h6 s) Z no auto-summary
: a" v" S. f5 | S. O$ _' @RACK30R29#show run | b r b
5 c1 Z4 Z' W; o6 P; nrouter bgp 300! R- e8 ?9 Q2 Y
no synchronization% D. K0 H( s4 c" v" [
bgp log-neighbor-changes! f$ ` H1 V- u* o$ b" Y% z0 f
neighbor 10.1.1.27 remote-as 300' o r( m) h3 z0 e/ D
neighbor 10.1.1.27 update-source Loopback0) [& X! u7 C6 f0 P. Y% x
neighbor 10.10.89.8 remote-as 200
* r2 F% o, _" _- f no auto-summary
. P1 i' E4 r* p8 A& L//我们可以发现R28和R29都没有对自己的Loopback口进行通告。
+ c1 `5 N/ W) r k- ~3 [RACK30R28(config)#router bgp 300
# C: E' k/ h0 ]% \RACK30R28(config-router)#network 10.1.1.28 mask 255.255.255.255/ F7 V1 R* y! r! o. f
RACK30R29(config)#router bgp 300, o2 [. e- \" R8 S6 N# h* p# D
RACK30R29(config-router)#network 10.1.1.29 mask 255.255.255.255
8 K( @. k5 F3 P* Y7 qRACK30R29(config-router)#+ B- d1 D: G- i9 X: r* p
RACK30R27#show ip bgp C# F7 ~/ ]/ c& ~3 j1 F# x
Network Next Hop Metric LocPrf Weight Path/ I+ t' p4 ?, C/ n
*> 10.1.1.27/32 0.0.0.0 0 32768 i: Z! g: f- X/ V2 f6 T# I4 u$ a8 G( C
r>i10.1.1.28/32 10.1.1.28 0 100 0 i- T2 a, z& Q. V+ _6 h7 y8 H
r>i10.1.1.29/32 10.1.1.29 0 100 0 i
5 Y) _5 A( t4 e/ P, w8 v, ^+ Er>i10.1.1.31/32 10.1.1.28 0 100 0 200 i
8 e) c9 k) i: @" e, p+ ^RACK30R27#& O Q0 E" B7 A4 i# ~' W: d$ A
//现在R27可以正常收到来自AS内部的BGP信息。查看R31的BGP建立情况。
! Q- }% Q: b" \( d) f8 cRACK30R31#show ip bgp summ
/ j# L( L5 Z) r$ mNeighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
0 g; A; m- ^) G" Z4 y g10.1.1.7 4 200 23 29 20 0 0 00:17:29 35 j5 T* f# H% e! \$ k! d& G9 b
10.1.1.8 4 200 0 0 0 0 0 never Active# D* a% f7 q3 I4 Q
10.1.1.30 4 200 22 27 20 0 0 00:17:25 47 W1 P% b" I& _9 K
RACK30R31#& ~1 Z i; ]" b
RACK30R31#show ip bgp
) a6 P2 {( r! G; R0 `: p Network Next Hop Metric LocPrf Weight Path& g0 r: ]! h; C! P" C
*>i1.100.100.100/32 10.1.1.30 0 100 0 100 100 300 500 600 i) B) o8 z$ C5 I2 q8 y4 U
*>i10.1.1.27/32 10.1.1.7 0 100 0 300 i8 x* H5 ~$ ~8 d9 ^* K e
*>i10.1.1.28/32 10.1.1.7 0 100 0 300 i
/ x% A6 X2 W) P*>i10.1.1.29/32 10.1.1.7 0 100 0 300 i' O' z7 m8 r$ y S
* i10.1.1.31/32 10.1.1.30 409600 100 0 i
" W) _+ H, W) I*> 0.0.0.0 0 32768 i
6 @, V6 f& e v. i3 O; @' m. Q9 m*>i10.10.18.1/32 10.1.1.30 0 100 0 100 100 300 500 600 i
2 ^) X1 t5 I! L! o*>i10.10.18.2/32 10.1.1.30 0 100 0 100 100 300 500 600 i
/ U' V2 K. O# @. r2 d2 w6 L3 NRACK30R31#; \; }; q8 i6 X
//R31没有和R8建立邻居关系。! E$ E0 w* B7 j/ J
(如果题目要求仅仅为了ping通1.100.100.100,那么其他问题就不用解决,只要有路可以正常通信就可以了), E T W7 B+ F* f) p9 Y
//BGP邻居表中,R31收到了来自1.100.100.100的路由,路径的顺序是AS 100 300 500 600。: R/ u: x: M7 N( ?! }1 j$ q, c$ V
我们知道R27是处于BGPAS300里面,但1.100.100.100这条路由已经经过了300这个AS。
" T+ L3 L# I5 G; w 因此这个路由信息当发送到AS300后,AS300里面的路由器就会把这条路由DROP掉,因为它们收到了一条或许来自于自己AS的一个路由条目。
/ }4 q: W4 r! E& f/ K( e1 O+ S- [( lRACK30R18#show run | b r b' e- C" X: J2 B, I# X; {0 Z, _; Q
router bgp 100- V4 a, H) r/ H& f2 H6 ]
no synchronization8 N& I2 l; Q% C; p8 d
bgp log-neighbor-changes& n7 u3 r, Q7 ^7 P
network 1.100.100.100 mask 255.255.255.255
+ A# Y* @1 m# }! W* ?5 a network 10.10.18.1 mask 255.255.255.255
, V L F' q4 x( e network 10.10.18.2 mask 255.255.255.255" w4 U) G4 P. {6 e7 z
neighbor 10.1.1.19 remote-as 100! O; [; `& \, b3 f2 p0 a
neighbor 10.1.1.19 update-source Loopback09 S8 p/ \& D* j! E9 X( [
neighbor 10.1.1.19 next-hop-self
" B4 N4 i( C, i& Y: I neighbor 10.10.183.30 remote-as 2003 J! I y! o* y; q6 c" s
neighbor 10.10.183.30 route-map AS out
# s: M9 z* J- {+ r$ \' M# O no auto-summary
6 a! N' \! z4 A+ `# y; O2 _3 \( {!
9 q% ~3 {, }; K" a* f Gip http server
0 I0 J2 V W2 B+ J3 B4 V7 ~no ip http secure-server s7 ?+ j" K/ ?: i+ ^; G- y
!
! a/ b3 [8 s7 f!
* v' C% ]# ~: a t7 b, a* U: z1 f( c!$ ^; o1 ~, d6 L% j* T
access-list 10 permit 10.10.18.2/ `) q$ _. ]& k. \( F: S' ]+ M' d1 w
access-list 10 permit 10.10.18.17 t: |* \ {5 X! S
access-list 10 permit 1.100.100.100
- u5 P, o! T: h1 \!
: R; x6 }: {0 L# u+ v0 a+ ~6 R- w) kroute-map AS permit 10. H; H( g# J# j: C
match ip address 10. M7 q; |! ]( K! _5 |
set as-path prepend 100 300 500 600: t, ^( C* N* d5 S! a
//我们在R18上发现了1.100.100.100的起源路由器,并且通过route-map对路径进行了设置。
9 @' G' ]. Y+ S9 K/ c//为了不要更多的更改路径属性,所以我们仅把这个AS300给NO掉就好。
2 K1 {) c1 V6 i' J j6 \RACK30R18(config)#route-map AS permit 10
7 h |) i3 u$ ~" ~( E" |+ _RACK30R18(config-route-map)#no set as-path prepend 100 300 500 6007 N5 z1 N' E! }2 A/ s8 ~$ w
RACK30R18(config-route-map)#set as-path prepend 100 500 600
. a& h( \1 y- E$ J# W* @! @( ^) d7 m6 ZRACK30R18(config-route-map)#
0 R( Y. @ V0 Q, o+ FRACK30R18(config-route-map)#do clear ip bgp * so
% M9 }8 P' {0 z, p0 {6 ], P7 V//配置完成后,清一下路由表,让BGP路由信息尽快生成。
/ d1 K2 Q: ^% M8 _" s4 d1 C, X//去R27上面看一下BGP路由表情况。; ]2 L3 a6 p& e* }$ a, D
RACK30R27#
1 H0 _" o7 G# l, W, I2 \, GRACK30R27#show ip bgp# | B& _ p6 M* M4 G0 }
Network Next Hop Metric LocPrf Weight Path7 S( B h% Y. `* r
*>i1.100.100.100/32 10.1.1.28 0 200 0 200 100 100 500 600 i
- Z: L$ ]7 K% i# |1 O7 e*> 10.1.1.27/32 0.0.0.0 0 32768 i* s" l, b! |, z- ]
r>i10.1.1.28/32 10.1.1.28 0 200 0 i
$ u- I/ J w- p J" {4 A7 b! fr>i10.1.1.29/32 10.1.1.29 0 100 0 i
! ~' Z* n- t5 e: b& _: G5 H0 ^: {r>i10.1.1.31/32 10.1.1.28 0 200 0 200 i3 C" o; ? t d
*>i10.10.18.1/32 10.1.1.28 0 200 0 200 100 100 500 600 i
' M/ B7 R" W z4 J9 h0 E. e7 S" Z*>i10.10.18.2/32 10.1.1.28 0 200 0 200 100 100 500 600 i
* |# Q0 j. t# Q3 O& r0 |0 ^RACK30R27#. L6 M6 d) C( z. B. D
RACK30R27#ping 1.100.100.100 sour 10.1.1.27
+ f3 p* c$ J. W. _Type escape sequence to abort.% F% j+ B- ]; g7 {6 @
Sending 5, 100-byte ICMP Echos to 1.100.100.100, timeout is 2 seconds:4 J. T2 j% K- Z% L, U
Packet sent with a source address of 10.1.1.278 ^% \4 Q: {% _& r
!!!!!- R, u3 ~% l6 E, x) D7 i; i
Success rate is 100 percent (5/5), round-trip min/avg/max = 56/112/156 ms/ q9 t; N; J; a3 a$ e( y4 k5 I: x$ F
RACK30R27#
+ b5 P/ D, F& k8 x; v' F4.R9 should use loopback 10.1.1.9 to telnet 10.1.1.10(pls do NOT remove and modify any command ).
; p' e) }' Q" h$ P' |% ~$ ZR10>; `4 R/ G8 X* O; U7 ^. K
*Mar 1 00:00:38.355: %PIM-5-NBRCHG: neighbor 172.16.14.26 UP on interface Ethernet3/01 x; P% l5 b2 y; A; j( J
*Mar 1 00:00:38.367: %PIM-5-DRCHG: DR change from neighbor 172.16.14.25 to 172.16.14.26 on interface Ethernet3/0
& [" E; e( ^8 R7 @4 o) [4 L; j# JR10>9 ?* ]' Z) B6 w6 e: z# {
*Mar 1 00:00:50.327: %OSPF-5-ADJCHG: Process 1, Nbr 10.1.1.9 on Ethernet3/0 from LOADING to FULL, Loading Done
8 H' D( I) A, tR10(config-line)#do show ip ospf nei" i# ]: N/ ~4 C% L7 {
Neighbor ID Pri State Dead Time Address Interface( Q: Y! S* c1 w( `/ |* B- |: X/ }( L
10.1.1.9 1 FULL/BDR 00:00:32 172.16.14.26 Ethernet3/0
1 @0 c7 I' H$ a m) s//开启R9和R10的时候,出现了以上提示。首先确认R9和R10的邻居是否正确建立。$ q0 H3 B. j, `. p* i! k( _, `
//然后查看R10的VTY端口是否配置了某些阻止TELNET的命令。7 ]4 x! i# z3 w2 b
R10#show run | be line4 P l8 o* G' R! G; Q
line con 0" }5 y. ~0 j n9 X
exec-timeout 0 0- N9 m8 m: k) v' X
password cisco+ Z; \( `9 y! |* m% J
logging synchronous0 t4 W6 @4 q6 X( G1 J
line aux 0 i1 C9 [5 z) N
line vty 0 49 Q6 _% ?# T6 q$ g6 f0 @
exec-timeout 0 0
' p1 `; K# W2 l0 Z# R4 w password cisco
) c9 U+ ~, s6 W+ V, Q, E% h" C( I4 I logging synchronous& B$ _7 i+ M$ M' k- w) V$ g
login6 j' M! x% F3 [3 C
transport input none
/ d6 L% i0 _+ v* Q$ Q!2 ^) O& `! r1 ]. A% d9 f0 N2 P# ]
!- l. {! M5 r) u8 k/ Z/ L* e
end% g6 D8 b3 [( |
//通过VTY进入的时候,没有方式允许。# o- |$ H' M! X h; Q2 v- z/ d
R10(config-pmap-c)#line vty 0 4# W, {6 x o+ l( A
R10(config-line)#transport input telnet
! @% X7 ]$ \ F. J5 F: ]2 _; K) t+ A0 c; ]7 d
//查看R10的访问列表,是否执行了阻止。
- H8 A; Z: Q: p( Y! ]R10#show access-list
- v. k( A( b9 S# V8 v: x; j! OExtended IP access list 100
{0 |. o% v' s8 q! _( W& D5 { 10 permit tcp any any eq telnet (12 matches)' J; T, l$ N1 D% u; ?5 R
R10#show policy-map
5 G" s6 f$ F$ s/ X3 J# w Policy Map TELNET
- ?/ M$ }5 Q; v1 c! v$ a Class TELNET2 |9 ]& f7 k0 J0 y; T
drop
0 Q5 a% |8 l y" j Policy Map marking
/ b9 j% A+ C* l9 v//因为题目要求不能删除或者修改现有配置,但可以增加新的ACL。; }! N& W. ]4 B
因此我们就按照现有的配置增加新的ACL,让其匹配policy-map。# `( `0 c8 m8 M
R10(config-ext-nacl)#do show access-list
. m& B8 {: C: c( I4 ~% B& DExtended IP access list 100 y, H$ |5 I9 p" p0 x5 f
10 permit tcp any any eq telnet5 O; w8 j4 Q {) D/ q: z
R10(config-ext-nacl)#
* _0 a8 J5 C6 d) s" A: p//我们在此插入一条,acl 5上去,让policy-map先匹配更精确的5,从而不匹配10 的那条ACL。4 B1 D' e4 L( ?% O; ?- T1 g
R10(config)#ip access-list extended 100
. K) d" Y2 ?6 \0 I4 c- i" V* {) d- XR10(config-ext-nacl)#5 deny tcp host 10.1.1.9 host 10.1.1.10 eq telnet3 Z% J; |' N2 I# u; U5 T
R10(config-ext-nacl)#do show access-list
1 w. \! [& \# x" O. wExtended IP access list 1005 _/ c$ e3 Z; Q7 D8 m0 e2 F/ w" K
5 deny tcp host 10.1.1.9 host 10.1.1.10 eq telnet- `7 y# W7 T- ^. o6 p
10 permit tcp any any eq telnet
$ n% H- J/ B# L; f9 b//进行telnet测试6 l r+ s, a. q+ p6 x
R9#telnet 10.1.1.10 /source-interface loopback 0
' K! B, k- Z6 g: n% z+ ]Trying 10.1.1.10 ... Open
) n6 u& H! g) v' W. n" _ M# i% E* f) n" J2 v) L6 o- D' s
User Access Verification. I7 Z: e7 K; D1 o" u( \) ~/ }" e
Password:1 a' l( ?* i! z5 a* A [& f9 g7 Q
R10>exit' I& t j, ]& n; D
5.R15 should ping R13 and R14.
: G9 F! m. Y7 ~1 \0 g% rR15#show fram map
# ]$ I% w. g& G9 oSerial1/0 (up): ip 172.16.13.2 dlci 314(0x13A,0x4CA0), static,9 |0 O0 D# _3 {0 g$ y
broadcast,
2 V* R/ J$ M! a' U CISCO, status defined, inactive& R, X5 u4 U# {; p( e# Y% o
Serial1/0 (up): ip 172.16.13.3 dlci 315(0x13B,0x4CB0), static,: h7 ^3 G& ~' @: i6 p! Q0 u
broadcast,( o) g- s; m& c) L3 W+ }8 i
CISCO, status defined, active
: [% ~3 c: t# PR15#
1 G3 @/ ~9 C" g/ ~+ Z9 A*Mar 1 00:01:14.959: %OSPF-5-ADJCHG: Process 1, Nbr 10.1.1.13 on Serial1/0 from EXSTART to DOWN, Neighbor Down: Dead timer expired* i$ e( k7 Q4 q. d: L+ }
*Mar 1 00:01:15.067: %OSPF-5-ADJCHG: Process 1, Nbr 10.1.1.15 on Serial1/0 from LOADING to FULL, Loading Done2 U, t% {# O) W9 i" s4 \: ^' o
R15#show run int s1/00 g, @; P, y& i( O) A0 e1 K
interface Serial1/0( n) \% D- m5 ^) k
ip address 172.16.13.1 255.255.255.248: @! k) J2 P% G3 ~+ v& W3 f Y0 S
encapsulation frame-relay$ @$ L. P1 V" m4 T& N( ^
ip ospf authentication message-digest
4 h. N% {# ^* ]- H9 u1 I2 o ip ospf message-digest-key 1 md5 cisco0 M" i- q2 Q+ f% C3 }' }
ip ospf network broadcast
7 B1 h8 z8 \, p. G; x9 [2 K serial restart-delay 0: | v, Q, {7 A y+ G
no fair-queue
% S5 z2 N. ^0 f. h5 v i! O frame-relay map ip 172.16.13.2 314 broadcast
* p6 j$ H, ~9 w: \ frame-relay map ip 172.16.13.3 315 broadcast, T5 o/ t/ K( ~2 }% @( g0 ~
frame-relay lmi-type cisco
" e" e; t/ K0 \) J1 K; Vend
- n2 L- ^* ~% ~6 f1 k% ?R15#1 l& D& H2 K5 p5 c8 i6 l
//在R15上查看frame map可以知道R15和R14成功建立,但无法和R13建立。3 m5 @# \ N2 m5 f2 ?0 M" _
R14#show fram map
4 t2 T) V$ k6 @3 a8 F' `Serial0/0 (up): ip 172.16.13.1 dlci 351(0x15F,0x54F0), static, B5 B# T/ d$ r$ a2 w7 b. T2 R9 }1 i
broadcast,
- B5 K8 d' b- x* s# _ CISCO, status defined, active% q( O# T# J6 o _- l7 _4 q
Serial0/0 (up): ip 172.16.13.2 dlci 354(0x162,0x5820), static,
1 S8 n/ ]* d- `0 P broadcast,
3 }* V. N$ H8 D CISCO, status defined, inactive
5 f5 O$ f& E3 W3 Y# P C- jR14#show run int s0/0
/ N U$ q! t9 ~* _* yinterface Serial0/00 K5 t1 F/ h$ \8 m+ K
ip address 172.16.13.3 255.255.255.2482 }# Z# r, Z* S% ^; E9 H% @
encapsulation frame-relay
. l' J8 ` W3 K/ f1 t9 d ip ospf authentication message-digest
, u1 m: k9 `6 D8 t. C ip ospf message-digest-key 1 md5 cisco
8 R6 T$ b0 j& E6 ]4 Y6 J8 v ip ospf network broadcast
9 G% v0 C4 f& [ serial restart-delay 0( R, L' C3 Y3 I' H8 B! V
no fair-queue% A; d/ P5 b, `
frame-relay map ip 172.16.13.1 351 broadcast! o5 T' ?; Q# _
frame-relay map ip 172.16.13.2 354 broadcast% H1 t: u4 }& H" b- k
frame-relay lmi-type cisco
# W1 q! }. x/ J8 ]end& H+ u- Z ]% t1 S1 J
R14#
, L ?3 Z* H0 [8 t* r1 Y//在R14上查看frame map可以知道R14和R15成功建立,但无法和R13建立,所以问题直接上R13去查看。
9 H1 [; o- M( @0 v3 P9 R. OR13#show fram map
3 W9 d' K) `* H# RSerial0/0 (up): ip 172.16.13.1 dlci 341(0x155,0x5450), static,2 h- B% }& [2 c9 e1 L2 f* J/ Q
broadcast,5 h2 s N3 k/ _! C9 \4 {7 {
CISCO, status defined, inactive
6 w0 j, Q* q5 k# K6 p' DSerial0/0 (up): ip 172.16.13.3 dlci 345(0x159,0x5490), static,0 ?4 r# n6 @2 w9 k. x% z% W9 m$ ^7 u
broadcast,
4 E- G0 e q8 B/ W2 t- j( @. ^ CISCO, status defined, inactive
$ F9 X7 l K- n, S( ]6 l0 MR13#
' E8 X5 N9 @8 v+ J2 {3 dR13#show run int s0/0* Z: k) C0 P9 E5 V+ a# O1 y
interface Serial0/0! M+ Z: J% i0 W: i
ip address 172.16.13.2 255.255.255.248) H& ^: N% j' r* z
encapsulation frame-relay7 M' Q& K6 }- |. A e0 a
ip ospf authentication message-digest
/ O0 l. }4 a! \: ?1 x ip ospf message-digest-key 1 md5 cisco
- N0 w# J" R; } G/ z# ]4 g; H3 @ ip ospf network broadcast
+ [; r0 L$ \. N ip ospf priority 255
) u9 v. P. b( y* t serial restart-delay 0; n# c# T& W' x' S# V
no fair-queue$ D8 w* n4 H4 s4 H
frame-relay map ip 172.16.13.1 341 broadcast: h4 \9 G) A0 x& ~# I- |( g7 v
frame-relay map ip 172.16.13.3 345 broadcast9 X& \# _* `7 D; m& J
frame-relay lmi-type ansi3 n7 V, s' d, |; v, I5 h) `
frame-relay intf-type dce0 l4 O# K2 z1 ?& }; V8 g
end
! p( J, K1 }- t/ h$ UR13(config)#int s0/0% d t0 f# b w) S& [0 j9 j
R13(config-if)#no frame-relay intf-type dce
7 u# E+ c+ q6 R0 BR13(config-if)#no frame-relay lmi-type ansi
+ O$ K# R: t; P! o3 P' E' FR13(config-if)# U0 D7 e2 o( R+ n2 H
*Mar 1 00:04:07.151: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0, changed state to up
, g; r/ d$ |7 i2 d% M/ UR13(config-if)#do sh7 L* A6 Q' w7 j3 ^& s! v* i+ N
*Mar 1 00:04:36.947: %OSPF-5-ADJCHG: Process 1, Nbr 10.1.1.15 on Serial0/0 from LOADING to FULL, Loading Done6 W7 J$ j p5 U1 W0 y
*Mar 1 00:04:37.283: %OSPF-5-ADJCHG: Process 1, Nbr 10.1.1.14 on Serial0/0 from LOADING to FULL, Loading Done
K% I+ n7 Z2 F; v7 N h//假设FR无法进去配置,那我们有应该让删除所有帧中继非默认配置,好让frame-relay自动协商成功。
) u' ]2 q( z& U' B' w+ KR13(config-if)#do show ip ospf nei* T5 u8 L2 T3 k W# F
Neighbor ID Pri State Dead Time Address Interface# Q/ }# {# J* K+ p: I" Y" B( q
10.1.1.14 1 FULL/BDR 00:00:38 172.16.13.1 Serial0/0* s+ y5 D% g9 y2 t
10.1.1.15 1 FULL/DR 00:00:38 172.16.13.3 Serial0/09 I: d8 v) p; A& Q" {
R13(config-if)#
" ]$ x# O, H! b+ e1 |1 D* ^R15#ping 172.16.13.2
. H- b* p7 {# d; D5 [Type escape sequence to abort.
* m' X% P4 J( CSending 5, 100-byte ICMP Echos to 172.16.13.2, timeout is 2 seconds:8 c" |$ l p3 ?0 V/ Z6 A
!!!!!$ U1 ~5 J; U; @$ M" v1 f1 P/ \1 m
Success rate is 100 percent (5/5), round-trip min/avg/max = 20/44/60 ms. x! z' K' g. S
R15#ping 172.16.13.3; ?1 n! x- _" f$ f E! Z
Type escape sequence to abort.4 y# \2 x! a8 O9 Z4 Y$ x
Sending 5, 100-byte ICMP Echos to 172.16.13.3, timeout is 2 seconds:
. S. m. C7 R7 `4 C: ]# b; k E!!!!!8 @/ ^1 I' V8 I Q* ?, b
Success rate is 100 percent (5/5), round-trip min/avg/max = 12/42/64 ms% _& u6 t; Q2 ?7 F, K0 c& U" i
R15#7 u0 W& F6 _+ Y/ y- h; `( b# z
6.R24 & R29 should ping R10 FTP address 10.1.1.10.$ Y$ r: T F4 I* A3 K, Q% B4 Y2 u
//这个题目包括了很多意思和内容。
R4 P0 A. J- I8 @. t 首先是R24的问题,R24有个EIGRP负载均衡,是否需要解决,取决于题目的要求。
S* \5 r( U4 O/ q! Z 在这里我会解决负载均衡的问题。; }7 J" V2 a1 u) _
其次,R24和R25中间的帧中继问题。0 ]" m& e, b) M- E& F; h4 g7 S
再次,R25和R29的串口问题需要解决。
6 R7 L/ g6 Y) ]0 C( x 最后,R13到R10的链路,是否可以正常通信,是否有访问列表阻止。9 N8 g- r2 ~) ` t: C
solution1:R24 和 R21 负载均衡问题。(与第七题一样,这里提前解决)
2 t& k+ E# ?- j+ p6 ~, H; TR15#show ip int br
5 I; l5 _9 b ~! v4 M: A' T. HInterface IP-Address OK? Method Status Protocol
2 q5 C/ X k3 V( G2 T ~Ethernet0/0 172.16.13.29 YES NVRAM up up
0 c# z$ ~0 w. N//这个接口是连接EIGRP的接口。 & t! O! _( z+ P' {/ e; O: R
R24#show ip route3 s9 e8 m( k+ u7 q' f
172.16.0.0/16 is variably subnetted, 7 subnets, 3 masks
S( T1 w5 c( I& a: a% ?0 kD 172.16.10.16/29 [90/307200] via 172.16.10.11, 00:06:15, Ethernet0/0
% n& ?7 C( n( Y" k! m+ R3 cD 172.16.10.24/29 [90/307200] via 172.16.10.10, 00:06:19, Ethernet0/0
1 Y8 r3 ?; h& I, ~9 d//到达R21的路由通过R22和R23过去,R21 E1/0是.26/29,所以该子网内的主机是25-30。
1 m8 O9 l% Y" P9 J2 f R21 E2/0是.22/29,所以该子网内的主机是17-22。
( ]) x, a9 a7 {7 H) j- Y* t 因为地址不重叠关系,R24去往R21是通过两条路由标识。
3 x4 v- |- T# h# C% q 查看R21的接口配置,看看R21返回R24的路是否负载均衡。
& x$ Z* A4 R0 K& b8 vR21#show run int e1/0
% a" C3 I7 r4 o8 p: X( F) _- Dinterface Ethernet1/0
$ n1 k R9 \2 P* R3 p2 {) S4 I ` ip address 172.16.10.26 255.255.255.248- V+ z, Q: I) l1 } s
half-duplex
8 |9 h: O" s" X, @end
8 d; c5 u [$ v5 n/ `R21#show run int e2/03 k0 z1 i1 T! x4 \
interface Ethernet2/03 K1 D, B {( m+ b1 f& [
bandwidth 1000000
9 @% X h. ]8 I6 e. c# ~' W. { ip address 172.16.10.22 255.255.255.2486 O/ N& p; l% ~5 {; y( W
half-duplex
Z! r9 c: t1 l+ n1 W2 o" u Kend+ I( Z* Q; H# W
R21#+ _/ s% J2 Y, v, c$ Y m" j
//可见R21对R23的端口做了带宽的设置。9 n2 F2 ~4 U, O' |' F1 w. u
R21(config)#int e2/0
* U C, u, g$ p. e. t3 DR21(config-if)#no bandwidth 1000000
; `- h$ O0 P6 e* a" L7 i1 g7 q5 hR21(config-if)#
, a& e/ p, v g) S4 s7 M `8 LR21#show ip route; O# R' f: D' u+ [3 r5 w
D 172.16.10.8/29 [90/307200] via 172.16.10.21, 00:00:05, Ethernet2/0
' Z* ]+ |2 A) z; z# P2 m//去往R24的路径还是没有变化,其他设备查看接口配置情况。3 {4 l. Y2 @+ b- K: \5 Q6 s' U/ i
R22#show run int e0/0
. B7 Z* N# t+ s: }! rinterface Ethernet0/0
) q9 z- ]0 i x; Q: t6 @7 h ip address 172.16.10.10 255.255.255.248
4 S; \( J! O- z0 x0 n: r) b3 | delay 200
8 K( a% J7 C! \% B2 _7 r half-duplex
: t, R5 O; C) p7 Y; W8 Send
- Q3 t) V3 g9 H! F9 B( Y+ jR22#
; f9 s" k H/ g/ G//在R22的接口上面做了延迟,解决它。* X z$ e( r; f y+ ~6 u
R21#show ip route
" G6 B3 J+ g) P7 i6 K+ VD 172.16.10.8/29 [90/307200] via 172.16.10.27, 00:00:03, Ethernet1/0
$ s1 M. p6 A4 X6 N. \$ `3 Y4 V" R [90/307200] via 172.16.10.21, 00:00:03, Ethernet2/0) w& F9 {1 u1 u) x: Y3 ^
//现在可以实现负载均衡了。, q$ O. q) ~; H3 Q5 @
solution2:R24和R25的帧中继问题(以前是帧中继问题).
3 \9 O: M A9 Z2 `R24#show fram map$ _# J M1 o7 ]" }
Serial1/1 (up): ip 172.16.10.77 dlci 809(0x329,0xC890), static,
' W. `; S4 v1 N broadcast,
8 _9 m9 Q! w9 o! I( R6 g CISCO, status defined, active5 ] J% x2 V" q) C, M2 p ^2 Q
Serial1/1 (up): ip 172.16.10.78 dlci 809(0x329,0xC890), static,
+ L: w4 J0 U2 F$ i, c broadcast,5 c7 |$ J6 Q6 K7 k' u
CISCO, status defined, active
7 ?+ Z& ]: D0 n/ P2 vR24#
- h0 j% @3 r+ Q% Q5 _R24#ping 172.16.10.78
: N" v/ @7 `0 l9 a* F3 W: [) a7 zType escape sequence to abort.
7 u3 Q( q: J% P+ C( B% A) j- RSending 5, 100-byte ICMP Echos to 172.16.10.78, timeout is 2 seconds:
6 E# ~: Z, d9 L) f!!!!!4 q( ]5 g+ ?( v' ?+ m0 Y9 E
Success rate is 100 percent (5/5), round-trip min/avg/max = 20/36/80 ms
4 n c+ @. D; K9 YR24#ping 172.16.10.77 e: E; J1 J8 C( f/ A
Type escape sequence to abort., N9 B `" H% C
Sending 5, 100-byte ICMP Echos to 172.16.10.77, timeout is 2 seconds:+ y) P& G- j2 E9 y
!!!!!4 D& R( [1 r0 X7 B
Success rate is 100 percent (5/5), round-trip min/avg/max = 40/62/88 ms6 \; d( J4 C+ H/ W; K" g k6 x/ y
R24#* y; z% _- [' N/ R, e
solution2:R25和R29的Serial 问题(以前是MPPE问题)., p/ N: e* g" M3 o2 k" h. m$ i/ R @% v
R25#ping 172.16.9.2# n; v% u! `9 [3 q/ c' u& J
Type escape sequence to abort.5 b) ]/ E/ O) o' `& B
Sending 5, 100-byte ICMP Echos to 172.16.9.2, timeout is 2 seconds:. c3 Y$ ]5 ~) h7 n1 z
!!!!!4 Y' g2 c% c2 h2 E: C) a L" ?
R29#show ip route
6 q# ~' ]2 v$ t! D 172.16.0.0/16 is variably subnetted, 2 subnets, 2 masks
/ E/ @9 W! D# v0 U2 v0 l0 uC 172.16.9.1/32 is directly connected, Serial1/0
6 L* c' o4 l) \' S `9 w' dC 172.16.9.0/29 is directly connected, Serial1/0+ [$ h. }3 g# g6 K+ ?
192.168.20.0/32 is subnetted, 1 subnets
# l# y! ~! b1 b. b s0 i; i9 CC 192.168.20.1 is directly connected, Loopback1
" P* |3 i x3 P% L4 A3 W 10.0.0.0/32 is subnetted, 1 subnets
$ g9 H; Z8 V! }& V9 FC 10.1.1.29 is directly connected, Loopback0% _2 \2 N0 a9 |5 p' P" [
//R29只有直连路由,并没有学到EIGRP内部路由。检查协议情况。- ~, D8 }7 k' p8 i* C
R29#show ip pro
8 y- h1 T( b3 R( o* t: ]8 v7 RRouting Protocol is "rip"- a& }+ |8 N7 z( d0 q7 D- P( s9 v1 a
Outgoing update filter list for all interfaces is not set d' G+ c) R: J
Incoming update filter list for all interfaces is not set8 ~% O; ~; J: x* l" `2 D
Sending updates every 30 seconds, next due in 20 seconds4 t4 T9 F5 n6 {# t
Invalid after 180 seconds, hold down 180, flushed after 240
/ R3 e4 E( m: E. W. S Redistributing: rip# Q% g1 W& d( V/ j" T( U% ^: I" F
Default version control: send version 2, receive version 2. l% U4 H4 B6 @2 h5 E3 U( M% o
Interface Send Recv Triggered RIP Key-chain" X$ z" `0 @$ K6 M$ t8 j+ b8 Y
Serial1/0 2 2$ L) I7 e( J8 s' G
Loopback1 2 2
4 G7 p$ E, z& v" t Automatic network summarization is not in effect
/ V3 z5 C, ?8 X2 {; p p Maximum path: 4
; j h: U5 h8 @5 A. w) q$ N2 E) |" p1 U Routing for Networks:. L) D ?( i/ v" p5 |- A. F$ y, E
172.16.0.0
o3 n. O& G* l" a9 d% s" } 192.168.20.07 a+ M) w& w% X" o1 ?% L
Routing Information Sources:
2 K$ X3 L9 \2 N& X Gateway Distance Last Update
& \; x J6 j' c Distance: (default is 120)
& {7 U3 e Q6 p4 n7 I# f6 ]9 nR25#: V+ A* `! i( A w0 r" r$ E4 [6 Q
Routing Protocol is "rip"2 ]& d3 G0 p- z1 [
Outgoing update filter list for all interfaces is not set/ U$ c# n- r2 ^' ^+ c
Incoming update filter list for all interfaces is not set/ i5 o- L# t/ {# \* e
Sending updates every 30 seconds, next due in 14 seconds
7 j* i m$ K4 T Invalid after 180 seconds, hold down 180, flushed after 240
2 y% w) O V. \ Redistributing: eigrp 200, rip
1 m! s/ s6 |6 t5 ?6 ? Default version control: send version 1, receive version 1$ R3 s; P- G4 @2 L
Interface Send Recv Triggered RIP Key-chain2 T: w' q- D' l; W5 H/ j8 G/ M2 _
Serial1/0 1 1
$ k8 B& H# e! P' z# P4 q Serial1/1 1 18 O. h5 h- P! t9 A6 z) u0 S: o
Automatic network summarization is not in effect% z& ~; ?! D: W1 W5 j, z
Maximum path: 4
& a6 l' V* h8 D; B& _ Routing for Networks:' x) `0 t' ~/ ]" }
172.16.0.02 \% U& m- z( g1 ~
Routing Information Sources:
% G3 q+ K; S; W A) N, s; c" N, T Gateway Distance Last Update
' q% V6 @6 w) O3 g Distance: (default is 120)/ `9 a* `3 X! a, d X
R25#
4 J* @& j g4 v! C+ R//R25和R29发送和接收的版本不一致。
6 _1 N$ X. [* L$ FR25#show run | be r r! L9 F& G: N5 P
router rip
; d6 U! ^ }( A+ V version 1
3 g! j$ }# N: [ redistribute eigrp 200 metric 2% |* J" `4 g3 J/ u: D
network 172.16.0.0 _, D' S# Q0 x4 |; x. z
no auto-summary
& T8 Y/ V4 I) l& N* KR25(config)#router rip8 _6 C8 ?( F/ u* ?7 U' Z3 N
R25(config-router)#ver 2
7 t8 I6 X/ ~$ u, b1 P; YR25(config-router)#
# f1 ]8 O% x" x& t9 z4 LR29#clear ip route * //加快刷新路由表速度。/ _- f8 J$ s$ l9 C1 J$ K5 t
R29#show ip route
7 A; n* R) s O; Q" l3 P 172.16.0.0/16 is variably subnetted, 6 subnets, 2 masks9 V( I& B( W2 n+ @* \+ A
R 172.16.10.16/29 [120/2] via 172.16.9.1, 00:00:01, Serial1/0$ q3 R& [ x$ l
R 172.16.10.24/29 [120/2] via 172.16.9.1, 00:00:01, Serial1/0$ ~1 c3 w! [* ?0 q
C 172.16.9.1/32 is directly connected, Serial1/00 \3 D' a6 y7 C9 k2 y
C 172.16.9.0/29 is directly connected, Serial1/0
. F: h6 `: f5 }2 z9 UR 172.16.10.8/29 [120/2] via 172.16.9.1, 00:00:01, Serial1/0
1 z' k: a O4 N& FR 172.16.10.72/29 [120/1] via 172.16.9.1, 00:00:01, Serial1/0) o5 W, \& ]- _' |
192.168.20.0/32 is subnetted, 1 subnets
/ R# }5 E, F2 U6 K8 m! G( ^C 192.168.20.1 is directly connected, Loopback1
* @- O( j2 g( o0 C; O0 R 10.0.0.0/8 is variably subnetted, 3 subnets, 2 masks
3 p. G' z' N2 H/ z; tR 10.0.0.0/8 [120/2] via 172.16.9.1, 00:00:01, Serial1/0- f- B9 ~2 x* G6 S- B+ Y
R 10.1.1.25/32 [120/2] via 172.16.9.1, 00:00:01, Serial1/0; }% T4 z6 l* U+ W6 h
C 10.1.1.29/32 is directly connected, Loopback0, t, ~& r1 c; n+ {+ f0 t2 r# f* z
R29#
& c5 V+ P2 z) q: i- \' ?& T. ]//R29目前只能ping 到R21的EIGRP端。
$ D) I: |$ O" Q 检查R21的重发布问题,为什么EIGRP收不到来自OSPF的路由。
- m1 j2 |2 @. g2 z; P3 A. AR21#ping 10.1.1.10 //R10的Loopback口
3 s( c; C$ `: q; \Type escape sequence to abort.- i5 X/ p% R7 _# @
Sending 5, 100-byte ICMP Echos to 10.1.1.10, timeout is 2 seconds:- J& J. E! H: [3 @" }( ~
!!!!!
, i* _- V' Y( V W' KSuccess rate is 100 percent (5/5), round-trip min/avg/max = 52/67/80 ms
2 y: ^3 i0 ?' X! E. E1 a7 IR21#ping 172.16.14.17 //R10的物理端口1 {7 h: u$ A4 q! S J
Type escape sequence to abort.# k0 J; {- l1 E) @. y% x) s3 _
Sending 5, 100-byte ICMP Echos to 172.16.14.17, timeout is 2 seconds:2 h1 W p( b7 y
!!!!!
8 l: n, ?' a! L' \- PR21#show run | b r e) v3 }8 `, l) ]" i/ ]3 C& p3 B6 n6 ^
router eigrp 2009 y* A; `2 Y9 Z9 F
redistribute ospf 1
4 L. [ v; V0 H. E network 172.16.10.22 0.0.0.0
5 a" e: {9 N3 ~0 c' U; N network 172.16.10.26 0.0.0.0
1 v$ N) ?$ J) Q$ B. Q# s' y no auto-summary
; o$ g3 Q/ p7 Y( Q+ X( T% A!' d" w# H: p. J+ U+ {7 F1 T
router ospf 17 x* R) J. Z- g) r
log-adjacency-changes) p) m9 Z. b) D4 \, k1 f, c
area 1 nssa
+ V+ W K* a& M0 g3 {& [4 A( ` redistribute eigrp 200 subnets( _+ O X! h9 u. u
network 10.1.1.21 0.0.0.0 area 1
( y$ ]8 d1 N5 v' i( h network 172.16.13.30 0.0.0.0 area 1
+ f& a( k/ q& q5 |; M. aR21(config)#router eigrp 200; x: l" S4 _. H
R21(config-router)#redistribute ospf 1 metric 10000 100 255 1 1500 [2 ?* `/ ^+ Z! Y
R29#show ip route& T& }: k6 B/ }
172.16.0.0/16 is variably subnetted, 14 subnets, 2 masks
% K( B' T6 [ lR 172.16.14.32/29 [120/2] via 172.16.9.1, 00:00:00, Serial1/0
. e+ x' d V8 c* ?; U# d; X% DR 172.16.14.40/29 [120/2] via 172.16.9.1, 00:00:00, Serial1/0
* H' G6 b& _ U+ G8 `R 172.16.14.16/29 [120/2] via 172.16.9.1, 00:00:00, Serial1/0* K( X8 b) I/ o( c3 y
R 172.16.10.16/29 [120/2] via 172.16.9.1, 00:00:00, Serial1/0( h5 b# a: O+ j6 f
R 172.16.13.24/29 [120/2] via 172.16.9.1, 00:00:00, Serial1/0
y0 y; \# h& ~; WR 172.16.14.24/29 [120/2] via 172.16.9.1, 00:00:00, Serial1/09 R: Y- N& f* }. O! U
R 172.16.10.24/29 [120/2] via 172.16.9.1, 00:00:00, Serial1/0
; `# L3 m3 K- r; ]9 B3 p( XR 172.16.13.0/29 [120/2] via 172.16.9.1, 00:00:00, Serial1/0( G# O- ~! n: Y* H" P
R 172.16.14.0/29 [120/2] via 172.16.9.1, 00:00:00, Serial1/0
4 L8 K2 x# q9 u ~4 o0 k' WC 172.16.9.1/32 is directly connected, Serial1/0
) [8 j2 _9 ?0 `) b/ j# eC 172.16.9.0/29 is directly connected, Serial1/00 G% \' H& u9 x7 i3 _+ D$ O6 m
R 172.16.14.8/29 [120/2] via 172.16.9.1, 00:00:00, Serial1/0) X) Y; V; h4 o3 h4 t7 }' I& C
R 172.16.10.8/29 [120/2] via 172.16.9.1, 00:00:01, Serial1/0+ E2 r2 I: M; x* C- E: @/ s1 N
R 172.16.10.72/29 [120/1] via 172.16.9.1, 00:00:01, Serial1/0! m" E Z3 y' @4 `( S2 i/ ~: r$ N
192.168.20.0/32 is subnetted, 1 subnets( F/ a9 ]- i4 V
C 192.168.20.1 is directly connected, Loopback1: W5 b0 D/ C1 W' B
10.0.0.0/8 is variably subnetted, 3 subnets, 2 masks
4 p! B8 z" H" N0 L3 p8 p% JR 10.0.0.0/8 [120/2] via 172.16.9.1, 00:00:01, Serial1/0
+ M3 |/ Q3 z) `R 10.1.1.25/32 [120/2] via 172.16.9.1, 00:00:01, Serial1/0
0 a- G- `% ~3 ^( W! KC 10.1.1.29/32 is directly connected, Loopback0
( P! g+ N/ N2 |( S- h( V+ }9 m) ER29#ping 172.16.14.17" ]( s5 i M* e$ Y$ g& G
Type escape sequence to abort.
# ^) V9 e4 h" u1 f' t) nSending 5, 100-byte ICMP Echos to 172.16.14.17, timeout is 2 seconds: X3 N6 o* r @8 T4 }- d
!!!!!
# z$ V4 h9 ~ L3 y) }Success rate is 100 percent (5/5), round-trip min/avg/max = 64/95/160 ms
# ]$ G( w( d& j# G: R4 V8 z3 R* MR29#ping 10.1.1.103 u) Q( |8 I" ?" m) {# u5 y, f q
Type escape sequence to abort.( N/ a9 X* y( s; f6 \: ~& d
Sending 5, 100-byte ICMP Echos to 10.1.1.10, timeout is 2 seconds:
3 Q4 m- [& v5 `, V/ a/ a# e" g) K. M!!!!!
) f; ?8 U( P/ F f( l) \Success rate is 100 percent (5/5), round-trip min/avg/max = 64/108/148 ms
: d0 H4 P1 S* b9 z7 e( PR29#/ k( S1 D9 r! W8 \
7.R24 forward to FTP server 10.1.1.10 should come true bidirectional load balance.
+ V. P) E: d* G4 c1 VR24#show ip route" `- m3 V; R- a- \) T; B2 Q
D EX 10.1.1.10/32 [170/332800] via 172.16.10.11, 00:07:18, Ethernet0/0; ^- b5 G! o% |: H) N
[170/332800] via 172.16.10.10, 00:07:18, Ethernet0/03 x( Y% ]0 o- r
R21#show ip route: R! t1 Y, q. J$ Q8 r( m
D 172.16.10.8/29 [90/307200] via 172.16.10.27, 00:02:06, Ethernet1/0% N7 ]; X! ^# e
[90/307200] via 172.16.10.21, 00:02:06, Ethernet2/03 N# g; N: {# f- \$ e( W
//R21和R24的双向负载均衡。解决方法就是第六题的solution1) E* G8 }+ Z2 {. S! w; C/ o0 u
8.R3 is IP multicast server, R13 should ping R3 multicast address success.
) m5 Z+ b. y, G//既然已经知道R3是multicast server,那么这题思路步骤要按照IP multicast的路径一个一个往下游检查。
, X# @$ C* j2 G( | 如果不知道,就从目标一个一个往上游检查,直到检查到multicast server。7 F: o; `/ x; f. p3 q
multicast的主要命令有:7 M4 v1 B& B/ A9 v b* S+ y
ip multicast-routing 激活多播路由,为了防止路由黑洞) J0 Y% [; Y P5 v
ip pim [sparse | dense | sparse-dense] mode 启用模式
1 x9 f7 j9 _5 n' q6 n* M3 x ip pim autorp listener 组播监听) ^: U3 d8 ?' w# I( h
这些命令都是基本的,必不可少的命令。应该在所有路由器上都可以找到6 i9 ]3 u% a1 \# f$ b
R3#show run | in ip pim
& n' m# ^$ X) |) Jip pim send-rp-announce Loopback0 scope 1 group-list 1
4 |" H. [. W2 t# B( r1 R# B: ]ip pim send-rp-discovery scope 1) ^$ H( a' u! a' O5 M
R3#
' M- H: J3 z/ ^- O' I! K, `: L//pim 跳数限制成1跳,改成16跳。并且查看group-list 1。
8 w8 Q' g! y2 w8 w: b, hR3(config)#ip pim send-rp-announce loopback0 scope 16 group-list 1
+ r0 Q% e% Z# ~* ]7 Q @R3(config)#ip pim send-rp-discovery loopback0 scope 16; ^# @, h- y) O3 o2 T' O( b
R3#show access-list' f) M2 Z! i( M" }
Standard IP access list 1
( W$ W" Z1 G3 X* R% V* _ 10 permit 224.1.1.2" x/ C9 n( H" K7 F2 w/ A# X4 J
R3(config)#no access-list 11 \4 r3 P9 Y0 v) U, u
R3(config)#access-list 1 permit 224.1.1.1
5 Z% }3 X: z. ZR3(config)#' s( _' L+ k1 u' x: ~- u; L( Y2 I
//题目要求挂的组是224.1.1.1 所以改回来。
4 Z- u; W5 [' {, X, h4 M! dR3(config)#do show ip pim rp map& k0 R7 X0 q% ?* j i3 G
PIM Group-to-RP Mappings8 j5 ]0 v1 f/ f9 t+ L& |
This system is an RP (Auto-RP)9 X4 U9 i5 g- n2 Z( c+ d
This system is an RP-mapping agent
7 q, ?- T1 p; @Group(s) 224.1.1.1/32
e* K# L# R- L" j1 Y0 H; X RP 10.1.1.3 (?), v2v1. R1 ?% o6 w" k- _& g( i
Info source: 10.1.1.3 (?), elected via Auto-RP7 ~, X2 i1 y+ Z; ^! p9 q" A6 w( Y
Uptime: 00:00:45, expires: 00:02:12# E5 K: R. {, C8 m$ {3 w5 [% S4 H
R3(config)#do show run int lo0! z& p: Z7 V$ L2 R
interface Loopback00 b* u% }$ o# s0 j. \# d% W
ip address 10.1.1.3 255.255.255.2554 r N% N8 L1 H- G
ip pim sparse-mode
) L$ F3 D" m5 c% }% U7 E. Aend
" B& |' O$ S2 g1 W: y ^R3(config)#
7 H( M7 r' b8 A& B+ O//Loopback0应该加入组,做映射代理。
7 E' ?: S$ M; N- O @R3(config)#int Loopback0
6 L) E) e y% T# v1 o6 [/ YR3(config-if)#ip igmp join-group 224.1.1.1
) e7 R' N6 ?) d8 F//从上面的show ip pim rp mapping可以得知:自动RP
m2 \8 C' w, @9 @2 T+ J8 g2 a 所以所有路由器都应该启用autorp listener7 _0 B0 _3 |: P+ a2 [5 O' k% _
这些就是multicast server的基本配置,接下来往下游逐一检查。
2 \6 J5 t* n- R2 Q* n5 U' U2 sR5#show run | in ip pim5 _/ R- s0 ^" K# C
ip pim sparse-mode% C3 T- V2 i+ \1 b
ip pim sparse-mode
! C$ k: I r- A8 V0 y* p ip pim sparse-mode6 z9 L; X; ^5 G. ~* n6 F
R5#show run | in inter
# _. C8 c. j8 M9 r( h) j) Linterface Loopback06 E ^/ p! ^ ]; k9 m
interface Ethernet0/0$ Q5 T6 b1 _& S# ^$ H' h
interface Ethernet1/0
/ B) ]: h* R! X6 G( R4 vR5(config)#ip pim autorp listener
! G, Q; D7 u$ S% e4 ` q yR5(config)#do show ip pim rp map. _8 V% ?( e1 s$ k) R& y
PIM Group-to-RP Mappings
. c5 R' ~5 Y0 }Group(s) 224.1.1.1/324 E7 s+ }2 @! D
RP 10.1.1.3 (?), v2v1/ ]& x) o) @( g/ p( T2 n
Info source: 10.1.1.3 (?), elected via Auto-RP
5 \5 D. H" `0 y3 B+ e6 A Uptime: 00:33:36, expires: 00:02:09
1 u; e6 C V9 d0 S3 T6 k( uR5(config)#do ping 224.1.1.1
7 w& B( v2 w. @% }" ?% q8 ^Type escape sequence to abort.. A/ N& z Y* J* U2 k( F, \
Sending 1, 100-byte ICMP Echos to 224.1.1.1, timeout is 2 seconds:
- W; q8 A2 p+ @0 A E: E, C1 pReply to request 0 from 172.16.15.9, 28 ms
8 w( s$ \3 u( tR5(config)#
$ f* |5 w& U- ~//R5学习到了映射表,查看R9是否能从R5上学习到。+ z2 w# {/ p8 W+ C" }; e9 m
R9#show run | in ip pim. V2 P9 e" u0 Y! u
ip pim sparse-mode
8 d; T" {0 _) {# ^ ip pim sparse-dense-mode
( H9 f$ [8 c% E$ J, a4 a# B ip pim sparse-dense-mode( j$ _$ r8 L3 [3 f0 i
ip pim sparse-dense-mode
" }& m* q6 @) d* y3 f8 n. C, @+ J1 m, m ip pim sparse-mode p' W8 _& D2 Z9 r3 D# w
R9#show run | in inter
1 m$ [( Z, M8 v! n5 V% Finterface Loopback0( A! C% j: P: V8 W% s
interface Ethernet0/0
7 t: _8 r- M% Qinterface Ethernet1/00 r& U5 f, G {: p; [
interface Ethernet2/06 \) L1 D2 r& [. c
interface Ethernet3/0
' T& o) p g# B# \R9#+ s! Y. V3 Z+ g
//把sparse-dense-mode改成sparse-mode,模式必须一直。7 M1 d1 I7 ?' K
R9#show run int e0/0
* a% L1 ]; Q5 Ginterface Ethernet0/0
4 P: T! c. f, f! K$ n* G a ip address 172.16.14.1 255.255.255.248
1 Q' c W4 `2 t% i7 P4 s ip pim sparse-dense-mode: I0 U! x3 l3 j
ip ospf authentication message-digest
9 R- Q# o) b2 J t. a ip ospf message-digest-key 1 md5 cisco& A8 }2 O6 P; u1 W( r4 g9 d
ip igmp access-group 10
# G5 W7 d* u" m# n# ~ half-duplex/ k5 w( S# M$ F2 ^6 c$ a$ {; G# j0 J
end+ y4 {! w% B7 M% V- a
R9(config)#int e0/0
+ @$ \; F2 L4 @. q& i- I) KR9(config-if)#ip pim spar
" ~7 {5 `9 z# ^6 G$ ]R9(config-if)#int e1/0
8 f3 T% E K' t/ `* AR9(config-if)#ip pim spar
" P5 h" I1 c& c6 `; |R9(config-if)#int e2/0
4 s* v( Y1 N6 ~- o* Z; CR9(config-if)#ip pim spar8 f K6 ]3 N6 \
R9(config-if)#do show run | in ip pim4 R/ X+ | L) \8 A7 f: [* x
ip pim sparse-mode
; X+ l9 e, ^5 {" u% N N ip pim sparse-mode& v' r: y# {) c, _" S9 N
ip pim sparse-mode
& l" n0 Q/ K! I% I6 w9 M; L ip pim sparse-mode+ V( E6 x9 ]! g. Z) h1 R3 Q
ip pim sparse-mode8 ^ a n( x- p3 y6 J8 o, B
R9(config-if)#1 b! X& d& r8 L: K. }8 E
//修改完模式后,是否有留意到端口上有个IGMP访问列表?( Z6 ]9 P N* J/ v
把访问列表修改成放行,因为访问列表最后默认有一个deny any,所以会阻止下游路由器访问。, A) V d9 W7 b4 [% @
R9#show access-list( R2 ]# ]4 w9 N" F+ A5 f- N
Standard IP access list 10
7 E) h7 n8 K9 w1 ` z 10 deny 10.1.1.3
8 x+ V+ u' P# oR9#conf t# B$ v0 O0 r+ t( j. C" R
R9(config)#no access-list 100 J7 _; {4 V* p& _& X
R9(config)#access-list 10 permit any) s- F2 p" X0 y% e! q3 H* u' n9 \
R9(config)#0 [5 }9 K6 Z: m& N3 W5 k R
R9(config)#do show access-list9 U2 A( W: r9 d# u: a7 _
Standard IP access list 10
" h% t: d1 `( D8 d 10 permit any; f, }, c. u9 f1 U3 o9 J
R9(config)#$ y" w0 c7 ?/ q3 a1 r8 d0 A
//完成后查看mapping& M/ _/ Y, P- r' i6 R
R9(config-if)#do show ip pim rp map4 [. [- G& f- \7 L8 I( \5 M5 ~
PIM Group-to-RP Mappings3 u' f6 a/ w3 c# N# w4 b
Group(s) 224.1.1.1/32- L3 w& c( N/ }- B9 X: t( |2 |
RP 10.1.1.3 (?), v2v1
8 h. Q1 q, C. z+ w) `1 s6 n Info source: 10.1.1.3 (?), elected via Auto-RP
* }- o+ G5 E8 d2 R6 p. Y- S Uptime: 00:03:29, expires: 00:02:28
2 E9 X3 O9 D" x0 E7 fR9(config)#do ping 224.1.1.17 J- Q/ M4 O) `; Z0 l
Type escape sequence to abort.
) }& Z; X# a5 X0 bSending 1, 100-byte ICMP Echos to 224.1.1.1, timeout is 2 seconds:6 g# f3 S8 T X& X' h6 X
Reply to request 0 from 172.16.15.9, 80 ms
: L5 N2 |5 q# f2 k# i$ R) x# [R9(config)#
7 u2 R% p3 M1 U7 _$ KR9(config)#ip pim autorp listener //记得把这句敲上$ b" w& J- T8 W% d
) [# A& @: L! ?% fR11#show run | in ip pim
6 k2 J, i4 k2 F, I0 { ~7 d& g" Y# sR11# //什么都没有,也就是R11没有启用任何组播。# M/ }- G3 T1 j p3 u0 M: T
R11(config)#ip multicast-routing
& P: M \: j( f+ HR11#show run | in int7 r3 }" P' A4 Z1 z2 W
interface Loopback0; L- e# @+ O" c% \( J4 M! x2 Y
interface Ethernet0/0
3 \9 x( v9 F# v' Qinterface Ethernet1/0
: v$ ?0 t: L kinterface Ethernet2/0) `' p6 u) J3 y8 {$ `
R11#
# S& b9 e6 ~: \4 E//在所有的接口上启用
/ D) |+ w+ c& \# p
% ?- h4 t# K1 X% z/ F* M9 bR11(config)#int lo01 x* [2 b+ `, d4 J. H9 S( \
R11(config-if)#ip pim spar
( E' \7 V8 J9 B2 Y$ \9 H' }R11(config)#int e0/0
2 H7 `5 I7 K3 ?% i# z# A6 c! `R11(config-if)#ip pim spar e/ m( V* X3 p
R11(config-if)#int e1/0
+ |$ W' Z6 \$ j7 \! xR11(config-if)#ip pim spar
4 l; U* b4 x9 ?* t# t1 E" @& oR11(config-if)#int e2/0
- ^0 O- G: P, F$ V( e- O/ g0 sR11(config-if)#ip pim spar. Z7 O5 x4 i* O Z9 e
*Mar 1 01:00:13.527: %PIM-5-DRCHG: DR change from neighbor 0.0.0.0 to 172.16.14.18 on interface Ethernet0/05 k7 w( W) R- @9 C' ~" c: }' C
*Mar 1 01:00:15.283: %PIM-5-NBRCHG: neighbor 172.16.14.33 UP on interface Ethernet1/0) n+ l6 g' l5 i! s. `7 G0 K
*Mar 1 01:00:17.215: %PIM-5-DRCHG: DR change from neighbor 0.0.0.0 to 172.16.14.34 on interface Ethernet1/0- Z4 I c- h5 a- x% |
*Mar 1 01:00:19.479: %PIM-5-NBRCHG: neighbor 172.16.14.42 UP on interface Ethernet2/0
- r. L- w4 i9 X" n/ Z ]- ?7 K*Mar 1 01:00:19.515: %PIM-5-DRCHG: DR change from neighbor 0.0.0.0 to 172.16.14.42 on interface Ethernet2/08 y# b" w1 l6 d) i/ l" S0 ]
*Mar 1 00:59:10.463: %PIM-5-DRCHG: DR change from neighbor 0.0.0.0 to 10.1.1.11 on interface Loopback0: K" P( K3 ?0 E/ N" t9 D
R11(config)#ip pim autorp listener( P0 u! [# y/ G0 {! Z
R11(config)#do show ip pim rp map
" f e2 C+ F& {9 lPIM Group-to-RP Mappings6 P( O; g4 ~5 H, B! f: A
Group(s) 224.1.1.1/32: C# Z$ U- k7 Q2 w# P3 f" @; j' ]
RP 10.1.1.3 (?), v2v1! o9 i: T) ^, F/ Z
Info source: 10.1.1.3 (?), elected via Auto-RP) q+ e2 o# z" q8 y* a1 k2 T
Uptime: 00:00:32, expires: 00:02:26
7 ~: o a: u9 p0 |* K$ vR11(config)#do ping 224.1.1.1' S+ u V' A& ?: C: c' V8 u
Type escape sequence to abort.
) Q; D/ S) @# c$ `" {7 u' K. Y. f7 w wSending 1, 100-byte ICMP Echos to 224.1.1.1, timeout is 2 seconds:3 ^; V9 c( f+ }2 d1 S" J
Reply to request 0 from 172.16.15.9, 152 ms& H. V: f1 |: L8 v2 ?( [' A
Reply to request 0 from 172.16.15.9, 152 ms
+ b+ [4 i0 w8 V& VR11(config)#
5 w2 t6 z7 p1 |1 b/ w//此时R11已经学习到下一跳为R3的组播信息。
! Z4 I8 N& [0 f: X# xR13(config)#ip pim autorp listener
" `; y2 @7 q; ?0 g0 r3 \R13(config-if)#do show ip pim rp map) |$ z8 F2 W1 ]# i& t' m
PIM Group-to-RP Mappings
* f/ N7 S8 s5 d' ^1 ^8 W" K; U- r( f! EGroup(s) 224.1.1.1/32
3 I! H( L7 c/ \; v. S RP 10.1.1.3 (?), v2v1
* G5 g' Q# l" p# A# s) s8 K- I Info source: 10.1.1.3 (?), elected via Auto-RP4 D0 m# m6 O! e8 M- L& d& u
Uptime: 00:01:25, expires: 00:02:33
$ A% Y" t2 d$ d Z9 hR13(config-if)#do ping 224.1.1.1
5 ~0 X" {4 n; G, P5 V% DType escape sequence to abort.
: C/ A% b. N g+ h' DSending 1, 100-byte ICMP Echos to 224.1.1.1, timeout is 2 seconds:* Q. M8 v' \3 ~& _
Reply to request 0 from 172.16.15.9, 112 ms% {, Y3 k. N: f$ F" b
Reply to request 0 from 172.16.15.9, 200 ms
9 {! V: W+ B j3 D* VR13(config-if)#0 j; `7 H3 S, N8 ]
9.R13 just use loopback Send trap to NMS 10.1.1.4 when R13 s0/0 down.
+ Q# n/ ?2 e2 P v0 E* w R13的s0/0上有no snmp-server trap link-state
' [4 E) y. g2 r 改成:snmp-server trap link-state1 p5 ?: ?% i5 @1 R
R13#show snmp
4 z' u) [2 w: U1 y4 f2 bSNMP logging: enabled
1 z. q8 o+ d# ~2 u, e Logging to 10.1.1.4.162, 0/10, 15 sent, 0 dropped.: O; O+ M( Y' f7 w5 u3 v% s
R13#show run | in snmp% c/ B0 v0 h' N% b" B4 x
snmp-server community cisco RO
- W H; e! p. }3 ?snmp-server trap link ietf
0 w1 D4 `- q4 U9 @& k' m6 }snmp-server trap-timeout 100
5 i) p3 _8 z' y K& P5 }snmp-server enable traps snmp linkdown linkup# K6 ]/ T% I* X9 R* i' ~5 `
snmp-server host 10.1.1.4 cisco snmp //如果没有这个命令,debug就无法出信息. k2 X! y( d1 B
R13#8 g. J9 s3 h1 F I+ y, r5 h2 p
R13(config-if)#do show run int s0/0* k* H: n1 b: X6 K
interface Serial0/05 j, a/ O& q6 C% y
no snmp trap link-status 0 ?8 y! w i3 k+ g+ {- k
end
& i! o+ `- j0 w( n+ c8 J" PR13(config-if)#snmp trap link-status( h; H: S8 t' n
R13(config)#snmp-server trap-source loopback 07 ]7 o, A. _4 d- r& Q
R13(config-if)#do show snmp' }1 Y! F4 ~+ z3 I
SNMP logging: enabled
+ j* c' i/ k' k$ M Logging to 10.1.1.4.162, 0/10, 17 sent, 0 dropped., }% L/ q+ R+ S! A
//debug snmp packets,开启这个命令后,然后把端口shutdown也可以看到效果。8 F( y6 a/ X, W: f
…………) x. Y. M. W$ D1 H! v
ifIndex.5 = 5
# ]% ?% {6 y/ f+ C2 D2 G ifAdminStatus.5 = 2 ' f- z# `- n: Z! q! {( Q
ifOperStatus.5 = 2
. v; [2 e5 Y1 \) [; p- T5 n4 B% J/ z ifDescr.5 = Serial1/0
3 j# |& H( w0 b# n' v! u8 I ifType.5 = 32
; m. ?5 B5 @4 N3 [, m0 o2 \! T; I c, h lifEntry.20.5 = administratively down + x8 s; C: f* f
//最后记得把端口重新打开
1 ^: X5 [9 r {7 y+ }10.The question with R13 & R5 roll tunnel.
1 L5 R* A: T+ x q, h7 E* g9 r+ K6 t*Mar 1 01:54:26.675: %TUN-5-RECURDOWN: Tunnel0 temporarily disabled due to recursive routing
3 i* o4 k. x+ }1 ]*Mar 1 01:54:27.675: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel0, changed state to down
; T5 k* R" h& y" i9 X( B% u+ jR5#show ip route
; R! T' i. r/ }- w3 i; E* YO 10.1.1.13 [110/31] via 172.16.14.1, 00:00:22, Ethernet1/07 }2 s& H: ~1 j* B3 G1 a6 w
R5#show ip route. U1 r! C! h: b y
S 10.1.1.13 [1/0] via 135.0.0.13
5 U% R% X# k4 h' M8 K, ]$ y//Tunnel翻滚,在UP的情况下,R5和R13是通过静态路由连接。, N7 E! _; O3 M, q1 O8 ]* l" G
在DOWN的情况下,R5和R13是通过OSPF连接。1 @& J4 w7 h' q- m
1 v' i! N+ `5 j$ T! D6 [
R5(config)#do show ip int br0 W& O6 g9 c5 g* K7 o( `. [0 V5 n
Interface IP-Address OK? Method Status Protocol
. h* p( S6 L8 P4 _& q! a" _3 \4 Y- wLoopback0 10.1.1.5 YES NVRAM up up ( N4 y/ k7 ^7 z) G! p1 _/ {
Tunnel0 135.0.0.5 YES NVRAM up down
; A2 U+ v! l, N! K. b2 Q" l. ]0 ? bR5(config)#do show run int Tunnel0: k$ U( f" w4 M K, Y+ T6 p9 h }; Q
interface Tunnel0" d/ P! B" V' z3 w+ t0 f
ip address 135.0.0.5 255.255.255.0
& K, B! M' M: N9 E6 L, s tunnel source Loopback0- O; s6 y+ G* `. s" O7 ~
tunnel destination 10.1.1.135 b/ v9 W- }, Z( Y C4 |
end# A1 ?: h5 V0 A0 z9 P8 E0 F! i5 c
R5(config)#
. _9 L+ }) \* k# W3 Y- G+ ^8 WR13#show ip int br
8 K5 }" v& i0 k8 O4 GInterface IP-Address OK? Method Status Protocol6 M2 x4 J) Q! l6 S! P+ {
Loopback0 10.1.1.13 YES NVRAM up up G, f$ F' @) G, K2 k. x# g
Tunnel0 135.0.0.13 YES NVRAM up down0 |# K" L. Z: o0 S& ?3 P
R13#show run int Tunnel0, K+ q3 |% N. H$ b
interface Tunnel0
3 c w0 p! C# X4 q, C2 S ip address 135.0.0.13 255.255.255.0/ X3 q( @ u- s) s' U
tunnel source 10.1.1.13; s ?/ A+ ?0 L: V& @
tunnel destination 10.1.1.5
; ^2 n% N+ Y0 ~ P9 Cend5 Y) z1 C; j3 ^4 ?# b; j
R13#
& l, ^* j! Y7 h$ |& l5 U$ n3 m//方法一:直接把静态路由去掉,R13和R5的路由信息会通过OSPF来发送。5 u% g: F3 M7 M) K" ^" f9 ]5 t
R13#show run | in ip route, @( l8 \' x3 r3 X$ w2 n% U
ip route 10.1.1.5 255.255.255.255 135.0.0.5
: |$ K# L1 }) T. M7 _; j( VR13(config)#no ip route 10.1.1.5 255.255.255.255 135.0.0.5
c0 Q7 q" n( J. f( `1 c2 KR5(config)#do show run | in ip route
( p% [! E V) ~" Uip route 10.1.1.13 255.255.255.255 135.0.0.13' u" y1 w! F W1 d6 {/ b( }/ ]
R5(config)#no ip route 10.1.1.13 255.255.255.255 135.0.0.133 C# T: H8 z* ?) X" J2 R
R13(config-if)#do show ip route C" p$ _# l& f1 e' ^% }) V C" J
O IA 10.1.1.5 [110/31] via 172.16.14.41, 00:01:35, Ethernet1/0 A. I4 ?: s# V4 b+ C9 e
135.0.0.0/24 is subnetted, 1 subnets5 @$ @: x8 c1 _( F
C 135.0.0.0 is directly connected, Tunnel0& J0 |) o: [: U) u% y$ h. E! q
R5(config-if)#do show ip route" d a6 H; r0 w2 A1 N" l3 ]
O 10.1.1.13 [110/31] via 172.16.14.1, 00:01:38, Ethernet1/0. g; F# p5 f' [
135.0.0.0/24 is subnetted, 1 subnets: j5 o) Y, m1 p
C 135.0.0.0 is directly connected, Tunnel0( E2 k x* H( l, j$ T( X
8 H! u. D+ Z. k# m1 w0 p
//方法二:把静态路由的下一跳改成下一跳物理接口,R13和R5的信息会通过静态路由发送。
% b4 w' A9 m+ X5 [, pR5(config)#do show run | in ip route/ T( z9 \% c6 W. K8 G' t
ip route 10.1.1.13 255.255.255.255 135.0.0.13
% I: \1 n0 k- \+ h5 M- IR5(config)#no ip route 10.1.1.13 255.255.255.255 135.0.0.13
! v9 m# T$ O/ E' d2 O! O, rR5(config)# ip route 10.1.1.13 255.255.255.255 172.16.14.1
; H4 X4 m8 q. i*Mar 1 00:05:36.603: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel0, changed state to up
( b& F. ^1 S0 F( w; O9 V8 s
& d) \3 H8 \1 _# r7 r4 gR13(config)#no ip route 10.1.1.5 255.255.255.255 135.0.0.5
# {' K8 X1 b) cR13(config)#no ip route 10.1.1.5 255.255.255.255 172.16.14.417 b$ T4 m' ]1 z* {( w
*Mar 1 00:05:46.439: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel0, changed state to up' w! T$ Y A ^; K
R13(config)# ip route 10.1.1.5 255.255.255.255 172.16.14.411 ~* N \6 t1 k9 |. F ^
R15(config)#do show ip route! \7 f N: o) M4 d% g
S 10.1.1.13 [1/0] via 172.16.14.1# {+ j8 v5 M6 X: U4 h* v- t5 B `
135.0.0.0/24 is subnetted, 1 subnets
3 ~0 o7 I. C; g/ mC 135.0.0.0 is directly connected, Tunnel0. b+ y. A7 b( N0 e E" W. t
R13(config)#do show ip route5 L! w4 J8 Y" z$ Y
S 10.1.1.5 [1/0] via 172.16.14.41
) p+ K$ A& b, q/ e! {" t$ n 135.0.0.0/24 is subnetted, 1 subnets
% T' U! P5 a9 n7 wC 135.0.0.0 is directly connected, Tunnel0
9 ~5 k0 b8 h( e* b//战报说如果该下一跳物理接口,则需要在R5上重发布静态路由。1 n1 x4 d, @. i$ t$ h2 N
但是我不知道为什么我做不出这个问题。( z6 d! k' d( x
考试的时候看题目需求来做,如果题目明确说明不能去掉静态路由,则不要删除。
; J8 D2 G @3 [$ d Q0 Q& B& v2 c% w
P- E4 m4 d0 N$ W/ K
' r' Y6 a" R, F
* C. [ ?) u; T6 ?. [3 M; t# b# U S, S5 t
9 t# f2 J. j1 N5 i( Y
# D9 m2 q2 K1 Y: q; \ s. R% S: b6 v1 ~9 x9 r
: y1 |. _" J; w' i/ ?, h$ f, E |
评分
-
查看全部评分
|
简体中文
英语
日语
韩语
法语
西班牙语
越南语
泰语
阿拉伯语
俄语
葡萄牙语
德语
意大利语
希腊语
荷兰语
波兰语
保加利亚语
爱沙尼亚语
丹麦语
芬兰语
捷克语
罗马尼亚语
斯洛文尼亚语
瑞典语
匈牙利语
繁体中文
文言文
发表于 2011-8-25 11:52:19
置顶卡
喧嚣卡
变色卡
千斤顶
成长值: 64925
发表于 2011-8-25 14:06:43
