当前位置:首页 >> 信息与通信 >>

Wolf+CCIE+SP+v80+版本


CCIE SP 80 解法 更新 7/13/2009

V80

感谢:
感谢群里的朋友们,具体的名字我就不一一列举。正是有了他们无私的奉献 才有了今天 CCIE SP v80 比较完整的解法。 自此我真心的感谢帮助过我的每一个 人。 bEANR 2009-07-13

0. Swith & Vlan<

br />VLANs: 9,10,12,26,27,28,33,34,55,59,68,69,78,123

1.Bridge
1.1 frame-relay pre-configuration troubleshooting,the dlci number on R4 interface wich connect to R8 is wrong . R4 interface Serial 2/0

CCIE SP 80 解法 更新 7/13/2009

encapsulation frame-relay no frame-relay inverser-arp no fram arp no shutdown interface Serial 2/0.7 point-to-point ip add 172.9.47.4 255.255.255.0 fram inter 407 interface Serial 2/0.8 point-to-point ip add 172.9.48.4 255.255.255.0 fram inter 408 R7 interface Serial 2/0 encapsulation frame-relay no frame-relay inverser-arp no fram arp ip add 172.9.47.7 255.255.255.0 fram map ip 172.9.47.4 704 b no shutdown R8 interface Serial 2/0 encapsulation frame-relay no frame-relay inverser-arp no fram arp ip add 172.9.48.8 255.255.255.0 fram map ip 172.9.48.4 804 b no shutdown 1.2 on SW2,creat interface vlan 123 Sw2 interface vlan 123 ip address 172.9.123.11 255.255.255.0 1.3 clear useless pvc No fram inverser-arp 注意 sh fram map 如果还能看到 0.0.0.0 则保存配置重启设备。

2.ISIS
level-2 ,the task give you a diagram to tell you which 2.1 R2~R7~R8 run isis protocol, protocol,level-2 level-2,the interface should enable isis

CCIE SP 80 解法 更新 7/13/2009

R2 router isis net 47.0209.0000.0000.0002.00 is-type level-2-only interface Loopback0 ip address 9.9.0.2 255.255.255.255 ip router isis isis circuit-type level-2 interface Loopback1 ip address 9.9.0.22 255.255.255.255 ip router isis isis circuit-type level-2 interface FastEthernet0/0 no shutdown interface FastEthernet0/0.27 encapsulation dot1Q 27 ip address 9.9.27.2 255.255.255.0 ip router isis isis circuit-type level-2 interface FastEthernet0/0.28 encapsulation dot1Q 28 ip address 9.9.28.2 255.255.255.0 ip router isis isis circuit-type level-2 R7 router isis net 47.0709.0000.0000.0007.00 is-type level-2-only interface Loopback0 ip address 9.9.0.7 255.255.255.255 ip router isis isis circuit-type level-2 interface FastEthernet0/0 no shutdown interface FastEthernet0/0.27

CCIE SP 80 解法 更新 7/13/2009

encapsulation dot1Q 27 ip address 9.9.27.7 255.255.255.0 ip router isis isis circuit-type level-2 interface FastEthernet0/0.78 encapsulation dot1Q 78 ip address 9.9.78.7 255.255.255.0 ip router isis isis circuit-type level-2 R8 router isis net 47.0809.0000.0000.0008.00 is-type level-2-only interface Loopback0 ip address 9.9.0.8 255.255.255.255 ip router isis isis circuit-type level-2 interface Loopback1 ip address 9.9.0.88 255.255.255.255 ip router isis isis circuit-type level-2 interface FastEthernet0/0 no shutdown interface FastEthernet0/0.28 encapsulation dot1Q 28 ip address 9.9.28.8 255.255.255.0 ip router isis isis circuit-type level-2 interface FastEthernet0/0.78 encapsulation dot1Q 78 ip address 9.9.78.8 255.255.255.0 ip router isis isis circuit-type level-2 2.2 R6~R9 run isis protocol,can not elect DIS between two routers. On R9 routing table ,the metric value of R6 loopback should be 256. On R6 routing table ,the metric value of R9 loopback should be 80.

CCIE SP 80 解法 更新 7/13/2009

R6 router isis net 47.0609.0000.0000.0006.00 is-type level-2-only metric-style wide interface Loopback0 ip address 9.9.0.6 255.255.255.255 ip router isis isis circuit-type level-2 isis metric 246 level-2 interface FastEthernet0/0 no shutdown interface FastEthernet0/0.69 encapsulation dot1Q 69 ip address 9.9.69.6 255.255.255.0 ip router isis isis circuit-type level-2-only isis network point-to-point no isis hello padding R9 router isis net 47.0909.0000.0000.0009.00 is-type level-2-only metric-style wide interface Loopback0 ip address 9.9.0.9 255.255.255.255 ip router isis isis circuit-type level-2 isis metric 70 level-2 interface FastEthernet0/0 no shutdown interface FastEthernet0/0.69 encapsulation dot1Q 69 ip address 9.9.69.9 255.255.255.0 ip router isis isis circuit-type level-2-only isis network point-to-point

CCIE SP 80 解法 更新 7/13/2009

no isis hello padding 2.3 Guarantee R2 is the DIS on vlan 27 and vlan 28. R2 interface range FastEthernet0/0.27 , FastEthernet0/0.28 isis priority 127 2.4 Between R6 and R9 prevent DIS and make sure it has the least lsp packets. R6/R9 router isis max-lsp-lifetime 65535 lsp-refresh-interval 32768 #设置成一半 interface FastEthernet0/0.69 isis lsp-interval 10 isis retransmit-interval 60

3.BGP
, every router have two ibgp neighbor . 3.1 AS278 R2~R7~R8, AS278 do not contain RR RR, neighbor. (ibgp) R2 router bgp 278 no auto-summary no synchronization bgp router-id 9.9.0.2 no bgp default ipv4-unicast neighbor 9.9.0.7 remote-as 278 neighbor 9.9.0.7 update-source Loopback0 neighbor 9.9.0.8 remote-as 278 neighbor 9.9.0.8 update-source Loopback0 address-family ipv4 neighbor 9.9.0.7 activate neighbor 9.9.0.7 next-hop-self neighbor 9.9.0.8 activate neighbor 9.9.0.8 next-hop-self network 9.9.0.2 mask 255.255.255.255 R7 router bgp 278 no auto-summary no synchronization bgp router-id 9.9.0.7

CCIE SP 80 解法 更新 7/13/2009

no bgp default ipv4-unicast neighbor 9.9.0.2 remote-as 278 neighbor 9.9.0.2 update-source Loopback0 neighbor 9.9.0.8 remote-as 278 neighbor 9.9.0.8 update-source Loopback0 address-family ipv4 neighbor 9.9.0.2 activate neighbor 9.9.0.8 activate network 9.9.0.7 mask 255.255.255.255 R8 router bgp 278 no auto-summary no synchronization bgp router-id 9.9.0.8 no bgp default ipv4-unicast neighbor 9.9.0.2 remote-as 278 neighbor 9.9.0.2 update-source Loopback0 neighbor 9.9.0.7 remote-as 278 neighbor 9.9.0.7 update-source Loopback0 address-family ipv4 neighbor 9.9.0.2 activate neighbor 9.9.0.2 next-hop-self neighbor 9.9.0.7 activate neighbor 9.9.0.7 next-hop-self network 9.9.0.8 mask 255.255.255.255 3.2 AS69 R6~R9 (ibgp) R6 router bgp 69 no auto-summary no synchronization bgp router-id 9.9.0.6 no bgp default ipv4-unicast neighbor 9.9.0.9 remote-as 69 neighbor 9.9.0.9 update-source Loopback0 address-family ipv4 neighbor 9.9.0.9 activate neighbor 9.9.0.9 next-hop-self network 9.9.0.6 mask 255.255.255.255

CCIE SP 80 解法 更新 7/13/2009

R9 router bgp 69 no auto-summary no synchronization bgp router-id 9.9.0.9 no bgp default ipv4-unicast neighbor 9.9.0.6 remote-as 69 neighbor 9.9.0.6 update-source Loopback0 address-family ipv4 neighbor 9.9.0.6 activate neighbor 9.9.0.6 next-hop-self network 9.9.0.9 mask 255.255.255.255 3.3 Ebgp,R2~R6,R8~R6,R6~BB2,use local-as YY (eBGP) R2 router bgp 278 neighbor 9.9.26.6 remote-as 69 address-family ipv4 neighbor 9.9.26.6 activate R8 router bgp 278 neighbor 9.9.68.6 remote-as 69 address-family ipv4 neighbor 9.9.68.6 activate R6 router bgp 69 neighbor 9.9.26.2 remote-as 278 neighbor 9.9.68.8 remote-as 278 neighbor 150.2.9.254 remote-as 254 neighbor 150.2.9.254 local-as 9 no-prepend address-family ipv4 neighbor 9.9.26.2 activate neighbor 9.9.68.8 activate neighbor 150.2.9.254 activate maximum-paths 2 3.4 Route optimize On r6, the route learn from BB2(community 0:254) must have community 278:278 on

CCIE SP 80 解法 更新 7/13/2009

AS278,have community 69:69 on AS69. R6 要求学习到 BB2 、AS278 、AS69 的路由。注 意题目是否有追加团体属性的意思。 R2 router bgp 278 address-family ipv4 neighbor 9.9.0.7 send-community neighbor 9.9.0.8 send-community neighbor 9.9.26.6 send-community R7 router bgp 278 address-family ipv4 neighbor 9.9.0.2 send-community neighbor 9.9.0.8 send-community R8 router bgp 278 address-family ipv4 neighbor 9.9.0.2 send-community neighbor 9.9.0.7 send-community neighbor 9.9.68.6 send-community R6 ip prefix-list BB2 permit 197.68.0.0/19 le 32 route-map FROMBB2 permit 10 match ip address prefix-list BB2 set community 69:69 route-map FROMBB2 permit 20 route-map TOR6 permit 10 match ip address prefix-list BB2 set community 278:278 route-map TOR6 permit 20 router bgp 69 address-family ipv4 neighbor 9.9.0.9 send-community neighbor 9.9.26.2 send-community neighbor 9.9.26.2 route-map TOR6 out neighbor 9.9.68.8 send-community neighbor 9.9.68.8 route-map TOR6 out

CCIE SP 80 解法 更新 7/13/2009

neighbor 150.2.9.254 route-map FROMBB2 in R9 router bgp 69 address-family ipv4 neighbor 9.9.0.6 send-community 3.5 On AS278,when visit BB2,select R8 as the main exit,R2 as secondary.when visit AS69,select R2 as the main exit,R8 as secondary. (On R2) R2 ip access-list standard BB2 permit 197.68.0.0 0.0.31.0 access-list 69 permit 9.9.0.6 access-list 69 permit 9.9.0.9 route-map LOC permit 10 match ip address 69 set local-preference 200 route-map LOC permit 20 match ip address BB2 set local-preference 20 route-map LOC permit 30 router bgp 278 address-family ipv4 neighbor 9.9.26.6 route-map LOC in

4.MPLS
4.1 Enable mpls on AS278(R2/R7/R8) and AS69(R6/R9),run ldp protocol,select loopback 0 as the ldp route-id. R2/R7/R8 ip cef mpls label protocol ldp mpls ldp router-id Loopback0 mpls label range x00 x99 interface FastEthernet0/0.xx mpls ip R6/R9 ip cef mpls label protocol ldp

CCIE SP 80 解法 更新 7/13/2009

mpls ldp router-id Loopback0 mpls label range x00 x99 interface FastEthernet0/0.xx mpls ip 4.2&4.3 MPLS Traffice Engineer (这里是不是需要将静态路由重发布到 ISIS 里面) When R2 access R8 loopback 1(9.9.0.88),establish a tunnel,RSVP 20M,tunnel 5M,use static route When R8 access R2 loopback 1(9.9.0.22),establish a tunnel,RSVP 20M,tunnel 5M,use static route R2/R7/R8 mpls traffic-eng tunnels interface FastEthernet0/0.xx mpls traffic-eng tunnels ip rsvp bandwidth 20000 R2/R8 router isis metric-style wide mpls traffic-eng router-id Loopback1 mpls traffic-eng level-2 mpls traffic-eng multicast-intact R7 router isis metric-style wide mpls traffic-eng router-id Loopback0 mpls traffic-eng level-2 R2 interface Tunnel28 ip unnumbered Loopback1 tunnel destination 9.9.0.88 tunnel mode mpls traffic-eng tunnel mpls traffic-eng priority 0 0 tunnel mpls traffic-eng bandwidth 5000 tunnel mpls traffic-eng path-option 10 explicit name T872 ip explicit-path name T872 enable next-address 9.9.27.7 next-address 9.9.78.8

CCIE SP 80 解法 更新 7/13/2009

ip route 9.9.0.88 255.255.255.255 tunnel28 R8 interface Tunnel28 ip unnumbered Loopback1 tunnel destination 9.9.0.22 tunnel mode mpls traffic-eng tunnel mpls traffic-eng priority 0 0 tunnel mpls traffic-eng bandwidth 5000 tunnel mpls traffic-eng path-option 10 explicit name T872 ip explicit-path name T872 enable next-address 9.9.78.7 next-address 9.9.27.2 ip route 9.9.0.22 255.255.255.255 tunnel28

5.VPN
R2 router bgp 278 address-family vpnv4 neighbor 9.9.0.7 activate neighbor 9.9.0.7 next-hop-self neighbor 9.9.0.7 send-community extended neighbor 9.9.0.8 activate neighbor 9.9.0.8 next-hop-self neighbor 9.9.0.8 send-community extended R7 router bgp 278 address-family vpnv4 neighbor 9.9.0.2 activate neighbor 9.9.0.2 send-community extended neighbor 9.9.0.8 activate neighbor 9.9.0.8 send-community extended R8 router bgp 278 address-family vpnv4 neighbor 9.9.0.2 activate neighbor 9.9.0.2 next-hop-self neighbor 9.9.0.2 send-community extended neighbor 9.9.0.7 activate

CCIE SP 80 解法 更新 7/13/2009

neighbor 9.9.0.7 next-hop-self neighbor 9.9.0.7 send-community extended R6 router bgp 69 address-family vpnv4 neighbor 9.9.0.9 activate neighbor 9.9.0.9 next-hop-self neighbor 9.9.0.9 send-community extended R9 router bgp 69 address-family vpnv4 neighbor 9.9.0.6 activate neighbor 9.9.0.6 send-community extended 5.1 ABC SITE 1(RD 278:78): R4-R3 run ospf protocol,R4 and R7/R8 run BGP, R3 interface Loopback0 ip address 172.9.0.3 255.255.255.255 interface FastEthernet0/0.34 encapsulation dot1Q 34 ip address 172.9.34.3 255.255.255.0 router ospf 34 router-id 172.9.0.3 network 172.9.0.3 0.0.0.0 area 0 network 172.9.34.0 0.0.0.255 area 0 R4 interface Loopback0 ip address 172.9.0.4 255.255.255.255 interface FastEthernet0/0.34 encapsulation dot1Q 34 ip address 172.9.34.4 255.255.255.0 router ospf 34 router-id 172.9.0.4 redistribute bgp 45 subnets passive-interface Loopback0 network 172.9.0.4 0.0.0.0 area 0 network 172.9.34.0 0.0.0.255 area 0

CCIE SP 80 解法 更新 7/13/2009

router bgp 45 bgp router-id 172.9.0.4 no bgp default ipv4-unicast neighbor 172.9.47.7 remote-as 278 neighbor 172.9.48.8 remote-as 278 address-family ipv4 redistribute ospf 34 match internal external 1 external 2 neighbor 172.9.47.7 activate neighbor 172.9.48.8 activate R7 ip vrf ABC rd 278:78 route-target export 278:78 route-target import 278:78 interface Serial2/0 ip vrf forwarding ABC ip address 172.9.47.7 255.255.255.0 router bgp 278 address-family ipv4 vrf ABC neighbor 172.9.47.4 remote-as 45 neighbor 172.9.47.4 activate R8 ip vrf ABC rd 278:78 route-target export 278:78 route-target import 278:78 interface Serial1/0 ip vrf forwarding ABC ip address 172.9.48.8 255.255.255.0 router bgp 278 address-family ipv4 vrf ABC neighbor 172.9.48.4 remote-as 45 neighbor 172.9.48.4 activate 5.2 ABC SITE 2(RD 278:2): R1(site 2)-R2 run ospf ,R2-BB1 Run rip v2 R1

CCIE SP 80 解法 更新 7/13/2009

interface Loopback0 ip address 172.9.0.1 255.255.255.255 interface FastEthernet0/0.11 encapsulation dot1Q 11 ip address 172.9.11.1 255.255.255.0 interface FastEthernet0/0.12 encapsulation dot1Q 12 ip address 172.9.12.1 255.255.255.0 router ospf 12 router-id 172.9.0.1 network 172.9.0.1 0.0.0.0 area 0 network 172.9.11.0 0.0.0.255 area 0 network 172.9.12.0 0.0.0.255 area 0 R2 ip vrf ABC rd 278:2 route-target export 278:2 route-target import 278:2 interface FastEthernet0/0.9 encapsulation dot1Q 9 ip vrf forwarding ABC ip address 150.1.9.1 255.255.255.0 interface FastEthernet0/0.12 encapsulation dot1Q 12 ip vrf forwarding ABC ip address 172.9.12.2 255.255.255.0 access-list 10 permit 199.172.0.0 0.0.7.0 router rip version 2 no auto-summary address-family ipv4 vrf ABC redistribute bgp 278 metric 1 redistribute ospf 12 vrf ABC metric 1 network 150.1.0.0 distribute-list 10 in

CCIE SP 80 解法 更新 7/13/2009

no auto-summary version 2 router ospf 12 vrf ABC router-id 172.9.12.2 log-adjacency-changes redistribute bgp 278 subnets redistribute rip subnets network 172.9.12.0 0.0.0.255 area 0 router bgp 278 address-family ipv4 vrf ABC redistribute rip redistribute ospf 12 match internal external 1 external 2 5.3 ABC SITE 3(RD 69:9): R5-R9 run ospf , ABC1-2-3 can access each other. BGP , AS267 and AS89 do not contain VPNv4 RR. R6-R2 and R6-R8 is MP MPBGP BGP, R2 router bgp 278 address-family vpnv4 neighbor 9.9.26.6 activate neighbor 9.9.26.6 send-community extended R8 router bgp 278 address-family vpnv4 neighbor 9.9.68.6 activate neighbor 9.9.68.6 send-community extended R6 router bgp 69 no bgp default route-target filter address-family vpnv4 neighbor 9.9.26.2 activate neighbor 9.9.26.2 send-community extended neighbor 9.9.68.8 activate neighbor 9.9.68.8 send-community extended R5 interface Loopback0 ip address 172.9.0.5 255.255.255.255 interface FastEthernet0/0.59 encapsulation dot1Q 59

CCIE SP 80 解法 更新 7/13/2009

ip address 172.9.59.5 255.255.255.0 router ospf 59 route-id 172.9.0.5 network 172.9.0.5 0.0.0.0 area 0 network 172.9.59.0 0.0.0.255 area 0 R9 ip vrf ABC rd 69:9 route-target export 69:9 route-target import 69:9 route-target import 278:78 route-target import 278:2 interface FastEthernet0/0.59 encapsulation dot1Q 59 ip vrf forwarding ABC ip address 172.9.59.9 255.255.255.0 router ospf 59 vrf ABC router-id 172.9.59.9 redistribute bgp 69 subnets network 172.9.59.0 0.0.0.255 area 0 router bgp 69 address-family ipv4 vrf ABC redistribute ospf 59 vrf ABC match internal external 1 external 2 R7/R8 ip vrf ABC route-target import 278:2 route-target import 69:9 bgp next-hop Loopback0 R2 ip vrf ABC route-target import 278:78 route-target import 69:9 bgp next-hop Loopback0 ABC VPN control: On site1,select R7 as the main exit,R8 as secondary, when site1 visit site3 ,select R2 as the main exit,R8 as secondary,

CCIE SP 80 解法 更新 7/13/2009

R7 route-map MED permit 10 set metric 50 route-map LOCv4 permit 10 set local-preference 200 router bgp 278 address-family ipv4 neighbor 172.9.47.4 route-map MED out address-family vpnv4 neighbor 9.9.0.2 route-map LOCv4 out 5.4 There is a serial interface between R3 and R8,run atom(ppp over mpls),let SW2 can communicate with R3. 注意和 V60 的不同 R3->R8 走的串口线 R3 interface Serial 2/2 ip address 172.9.123.3 255.255.255.0 encapsulation ppp no peer neighbor-route router rip version 2 passive-interface default no passive-interface Serial 2/2 network 172.9.0.0 no auto-summary SW2 interface Loopback0 ip address 172.9.0.22 255.255.255.255 interface vlan 123 ip address 172.9.123.11 255.255.255.0 router rip version 2 network 172.9.0.0 no auto-summary R7 pseudowire-class PW100 encapsulation mpls

CCIE SP 80 解法 更新 7/13/2009

interworking ip interface FastEthernet0/0.123 encapsulation dot1Q 123 xconnect 9.9.0.8 100 pw-class PW100 R8 pseudowire-class PW100 encapsulation mpls interworking ip interface Serial2/2 no ip address encapsulation ppp clockrate 252000 xconnect 9.9.0.7 100 pw-class PW100 5.5 Between R1 and R7, R5 and R9,run l2tpv3. R1 ip vrf L2PPP rd 15:1 interface Loopback1 ip vrf forwarding L2PPP ip address 172.9.0.11 255.255.255.255 interface Serial 2/2 ip vrf forwarding L2PPP ip address 172.9.15.1 255.255.255.0 encapsulation ppp no peer neighbor-route router rip version 2 no auto-summary address-family ipv4 L2PPP network 172.9.0.0 no auto-summary version 2 R5 ip vrf L2PPP rd 15:5

CCIE SP 80 解法 更新 7/13/2009

interface Loopback1 ip vrf forwarding L2PPP ip address 172.9.0.55 255.255.255.255 interface Serial 2/2 ip vrf forwarding L2PPP ip address 172.9.15.5 255.255.255.0 encapsulation ppp no peer neighbor-route router rip address-family ipv4 L2PPP network 172.9.0.0 no auto-summary version 2 R7 pseudowire-class PW200 encapsulation l2tpv3 ip local interface Loopback0 ip tos value 160 interface Serial 2/2 no ip address encapsulation ppp clockrate 252000 ? 这里是串口取的近似值 xconnect 9.9.0.9 200 encapsulation l2tpv3 pw-class PW200 R9 pseudowire-class PW200 encapsulation l2tpv3 ip local interface Loopback0 ip tos value 160 interface Serial1/2 no ip address encapsulation ppp clockrate 252000 ? 这里是串口取的近似值 xconnect 9.9.0.7 200 encapsulation l2tpv3 pw-class PW200 5.6 XYZ SITE 1 R3 Ethernet interface can access XYZ SITE 2 R5 and SW1 R3 ip vrf XYZ

CCIE SP 80 解法 更新 7/13/2009

rd 34:3 route-target export 34:3 route-target import 34:3 interface Loopback1 ip vrf forwarding XYZ ip address 172.9.0.33 255.255.255.255 interface FastEthernet0/0.33 encapsulation dot1Q 33 ip vrf forwarding XYZ ip address 172.9.33.3 255.255.255.0 SW1 interface Vlan55 ip address 172.9.57.10 255.255.255.0 R5 ip vrf XYZ rd 34:3 route-target export 34:3 route-target import 34:3 interface FastEthernet0/0.55 encapsulation dot1Q 55 ip vrf forwarding XYZ ip address 172.9.57.5 255.255.255.0 5.7 MPLS CSC,AS278 and AS69 is main ISP, ABC site is sub-ISP. Make sure XYZ site 1/2 can access each other. (R3-R5 RUN VPNv4 ,bgp45 ,R4-R7-R8 cannot enable ldp) R3 ip cef mpls label protocol ldp mpls ldp router-id Loopback0 mpls label range 300 399 interface FastEthernet0/0.34 mpls ip router bgp 45 bgp router-id 172.9.0.3 no bgp default ipv4-unicast bgp log-neighbor-changes

CCIE SP 80 解法 更新 7/13/2009

neighbor 172.9.0.5 remote-as 45 neighbor 172.9.0.5 update-source Loopback0 address-family vpnv4 neighbor 172.9.0.5 activate neighbor 172.9.0.5 send-community both address-family ipv4 vrf XYZ redistribute connected R4 ip cef mpls label protocol ldp mpls ldp router-id Loopback0 mpls label range 400 499 interface FastEthernet0/0.34 mpls ip router ospf 34 redistribute bgp 45 subnets router bgp 45 address-family ipv4 neighbor 172.9.47.7 send-label neighbor 172.9.48.8 send-label network 172.8.0.4 mask 255.255.255.255 network 172.8.47.0 mask 255.255.255.0 network 172.8.48.0 mask 255.255.255.0 R7/R8 router bgp 278 address-family ipv4 vrf ABC neighbor 172.9.4x.4 send-label R5 ip cef mpls label protocol ldp mpls ldp router-id Loopback0 mpls label range 500 599 interface FastEthernet0/0.59 mpls ip

? 这里必须要发这 3 条,如果不发布,则 R7/R8 上看不到 R3 的 lo0 被分配标签, 同时 R5 到 R3 的 tracert 可能出现 R4 是* * *

CCIE SP 80 解法 更新 7/13/2009

router rip version 2 no auto-summary address-family ipv4 vrf XYZ redistribute bgp 45 metric 1 network 172.9.0.0 no auto-summary version 2 router bgp 45 bgp router-id 172.9.0.5 no bgp default ipv4-unicast neighbor 172.9.0.3 remote-as 45 neighbor 172.9.0.3 update-source Loopback0 address-family vpnv4 neighbor 172.9.0.3 activate neighbor 172.9.0.3 send-community both address-family ipv4 vrf XYZ redistribute rip R9 interface FastEthernet0/0.59 mpls ip SW1 router rip version 2 network 172.9.0.0 no auto-summary 5.8 VPN 路径优化 ABC site 3 访问 ABC site 2 (R9-R6-R2) ? 很多解法都没有此处 两种解法 R6 解法一: ip prefix-list S2 seq 5 permit 199.172.0.0/19 le 32 ip prefix-list S2 seq 10 permit 150.1.9.0/24 ip prefix-list S2 seq 15 permit 172.9.0.1/32 ip prefix-list S2 seq 20 permit 172.9.12.0/24 route-map FROMR6v4 permit 10

CCIE SP 80 解法 更新 7/13/2009

match ip address prefix-list S2 set local-preference 200 route-map FROMR6v4 permit 20 ============== 解法二: (推荐) ip extcommunity-list 23 permit rt 278:2 route-map FROMR6v4 permit 10 match extcommunity 23 set local-preference 200 route-map FROMR6v4 permit 20 ============================== router bgp 69 address-family vpnv4 neighbor 9.9.26.2 route-map FROMR6v4 in

6.Multicast
6.1 Enable multicast on AS278 and AS69. use static rp. (or R8 and R6 is RP, use BSR) R2 : lo 0, fa 0/0.26, fa0/0.27, fa 0/0.28 R7 : lo 0, fa 0/0.27, fa 0/0.78 R8 : lo 0, fa 0/0.28, fa 0/0.68, fa 0/0.78 R6 : lo 0, fa 0/0.69 R9 : lo 0, fa 0/0.69 R2/R7/R8/R6/R9 ip multicast-routing interface Loopback0 ip pim sparse-mode interface FastEthernet0/0.xx ip pim sparse-mode R6/R8 ip pim bsr-candidate Loopback0 ip pim rp-candidate Loopback0 R2

CCIE SP 80 解法 更新 7/13/2009

interface FastEthernet0/0.26 ip pim bsr-border ip pim sparse-mode R6 interface FastEthernet0/0.26 ip pim bsr-border ip pim sparse-mode interface FastEthernet0/0.68 ip pim bsr-border ip pim sparse-mode R8 interface FastEthernet0/0.68 ip pim bsr-border ip pim sparse-mode 6.2 AS278 and AS69 access each other.use msdp R6 ip msdp peer 9.9.0.8 connect-source Loopback0 remote-as 278 ip msdp originator-id Loopback0 R8 ip msdp peer 9.9.0.6 connect-source Loopback0 remote-as 69 ip msdp originator-id Loopback0 6.3 On ABC Site 1,R3 、 R4 、 R7 、 R8 enable Multicast ,R4 lo0 is bsr RP, R3 lo0 join group 239.255.3.3) R3 ip multicast-routing interface Loopback0 ip pim sparse-mode ip igmp join-group 239.255.3.3 interface FastEthernet0/0.34 ip pim sparse-mode R4 ip multicast-routing interface Loopback0 ip pim sparse-mode

CCIE SP 80 解法 更新 7/13/2009

interface FastEthernet0/0.34 ip pim sparse-mode interface Serial 2/0.7 point-to-point ip pim sparse-mode ip pim dr-priority 255 ? 在帧中继线路上 DR 选举应该靠近 RP 端 interface Serial 2/08 point-to-point ip pim sparse-mode ip pim dr-priority 255 ip pim bsr-candidate Loopback0 ip pim rp-candidate Loopback0 R7/R8 ip multicast-routing vrf ABC ip vrf ABC mdt default 239.1.1.1 mdt data 239.3.1.0 0.0.0.255 threshold 1 interface Serial 2/0 ip pim sparse-mode 6.4 inter-as multicast vpn:Between ABC Site 1/2, R1、R2 enable Multicast, On AS278 (make sure R1 can access BSR:R4 lo0) R1 ip multicast-routing ip pim rp-address 172.9.0.4 interface Loopback0 ip pim sparse-mode interface FastEthernet0/0.12 ip pim sparse-mode R2 ip multicast-routing vrf ABC ip pim vrf ABC rp-address 172.9.0.4 ip vrf ABC mdt default 2391.1.1 mdt data 239.3.1.0 0.0.0.255 threshold 1

CCIE SP 80 解法 更新 7/13/2009

ip pim vrf ABC register-source Tunnel0 R1: ping 239.255.3.3 !!!!!

7.Feature 7.1 Between R5 and R9,make make ospf encryption. R5/R9 router ospf 59 area 0 authentication message-digest interface FastEthernet0/0.59 ip ospf message-digest-key 10 md5 cisco 7.2 Between R5 and R9,make make mpls ldp encryption. R5/R9 mpls ldp neighbor 172.9.59.x password cisco AS278 fragment attack 7.3 On R6,prevent R6,preventAS278 R6 logging on logging console logging buffered service timestamps log datetime localtime access-list 199 deny ip 9.9.0.0 0.0.255.255 any fragments log-input access-list 199 permit ip any any interface FastEthernet0/0.26 ip access-group 199 in interface FastEthernet0/0.68 ip access-group 199 in 7.4 set ip precendence to 5 of l2tpv3 packets R7 R9 R7/R9 class-map L2MARK match any policy-map L2MARK class L2MARK set ip precedence tunnel 5 interface Serial2/2

CCIE SP 80 解法 更新 7/13/2009

service-policy input L2MARK 检验: R9 interface Serial2/2 ip accounting precendence input 从 R1 ping R5 100 个包,然后在 R9 上 show interface precendence,就能看到结果。 7.5 NTP,make R6 as ntp server,AS278 get time from R6. R3 and R4 get time from R8. R6 clock set xx:xx:xx aug xx 2009 clock timezone GMT 8 ntp source lo0 ntp master 1 R2/R7 clock timezone GMT 8 ntp server 9.9.0.6 source lo0 R8 clock timezone GMT 8 ntp server 9.9.0.6 source lo0 R3/R4 clock timezone GMT 8 ntp server 172.9.48.8 source lo0 R3/R4/R8 show ntp associations

查看时间同步


相关文章:
更多相关标签: