CCIE-RS-N4.MC


I. Bridging & Switching
Frame Relay Configuration
●Configure IP across your Frame Relay network
●The Frame Relay cloud provided for you is fully meshed. However, you must only use
the PVCs indicated on the diagram; use of any dynamic circuits is not permitted.
●Do not use sub-interfaces for the Frame Relay links on any router
●Ensure you can ping all Frame Relay interfaces (including the router's own)
●Configure the Frame Relay connection between R1 and R3 as indicated in
Diagrams 1 and 3.
●Configure the Frame Relay connection between R2 and R6 as indicated in
Diagrams 1 and 3.
●Configure the Frame Relay connection between R2,R4 and R5 as indicated in
Diagrams 1 and 3.
●Each router must ping its own Frame Relay interface.
●Dynamic mapping should NOT exist on any router.
●Mapping for "ip 0.0.0.0" should NOT exist on any router.
R1
Int s0/0
Ip add yy.yy.13.1 255.255.255.0
No arp fram
No frame-relay inv
Fram-relay map ip yy.yy.13.1 103 b
Fram-relay map ip yy.yy.13.3 103 b
R3
Inter s0/0
Ip add yy.yy.13.3 255.255.255.0
No arp fram
No fram inv
Fram map ip yy.yy.13.1 301 b
Fram map ip yy.yy.13.3 301 b
R2
Int s0/0
Ip add yy.yy.245.2 255.255.255.0
No arp fram
No fram inv
Fram map ip yy.yy.245.2 205 b
Fram map ip yy.yy.245.5 205 b
Fram map ip yy.yy.245.4 205 b
Inter s0/1
Ip add yy.yy.26.2 255.255.255.0
No arp fram
No fram inv
Fram map ip yy.yy.26.6 216 b
Fram map ip yy.yy.26.2 216 b
R6
Int s0/1
Ip add yy.yy.26.6 255.255.255.0
No arp fram
No fram inv
Fram map ip yy.yy.26.2 612 b
Fram map ip yy.yy.26.6 612 b
R5
Int s0/0
Ip add yy.yy.245.5 255.255.255.0
no fram inv
No arp fram
Fram map ip yy.yy.245.2 502 b
Fram map ip yy.yy.245.4 504 b
Fram map ip yy.yy.245.5 502 b
R4
Int s0/0
Ip add yy.yy.245.4 255.255.255.0
No fram inv
No arp fram
Fram map ip yy.yy.245.4 405 b
Fram map ip yy.yy.245.5 405 b
Fram map ip yy.yy.245.2 405 b
If the interface is encapsulated as PPPoF (PPP over Frame Relay), configure it like this:
inter s0/0
en frame
no frame inv
No arp fram
No ip add
frame-relay interface-dlci 102 xxx virtual-template 1
no sh
int virtual-temp 1
ip add xx.xx.xx.xx zz.zz.zz.zz
ppp chap username xxx ← this should be "hostname"; the "?" help does not offer "username"
ppp chap password zzz
Trunking
●Create trunking among the four switches, meeting the following
requirements. Trunking will be formed unconditionally.
●Trunks will be formed unconditionally; use ISL as the encapsulation
●Create a trunk between R6 and SW2; only VLAN BB3 and VLAN B must
be allowed on the trunk
SW1/SW2/SW3/SW4
Inter ra f0/21 -22
Shutdown
Inter ra f0/19 -20 ,f0/23 -24
Switch trunk encapsulation isl
Switch mode trunk
SW2
Inter f0/6
Switch trunk encapsulation dot1
Switch mode trunk
Switch trunk allow vlan 13,22
R6
Inter e0/1.13
Encapsulation dot1q 13
Ip address 150.3.yy.1 255.255.255.0
Inter e0/1.22
Encapsulation dot1q 22
Ip address yy.yy.62.6 255.255.255.0
VTP
●VTP is partially configured on switches Sw1, Sw2, Sw3 and Sw4. Complete
the VTP configuration with the following requirements
●VTP domain name is "RackYY"
●Sw1 will propagate all VLAN configuration changes to Sw2, Sw3 and Sw4
●Secure the VTP advertisements to be sent. Use "cisco" as your key
In the future, these four switches will be configured as VTP transparent.
They should NOT inspect the VTP domain name and version, and they support unrecognized Type-Length-Value (TLV)
SW1 Server
VTP Domain RackYY
VTP mode server
SW2/SW3/SW4 client
VTP Domain RackYY
VTP mode client
SW1 Server
VTP ver 2
Vtp pass cisco
SW2/SW3/SW4 client
Vtp pass cisco
VLAN
SVI
●Configure a VLAN subnet YY.YY.90.0/24 that includes ONLY switches Sw1,
Sw2, Sw3 and Sw4. This VLAN number is 100. Name it "VLAN_SWITCHES"
●The IP addresses of the four switches on VLAN 100 are as follows:
SW1
Inter vlan 100
Ip address yy.yy.90.1 255.255.255.0
No sh
Inter f0/3
No switchport
Ip address yy.yy.33.7 255.255.255.0
No shutdown
Inter f0/6
No switchport
Ip address yy.yy.36.7 255.255.255.0
No shutdown
SW2
Inter vlan 100
Ip add yy.yy.90.2 255.255.255.0
No sh
SW3
Inter vlan 100
Ip add yy.yy.90.3 255.255.255.0
No sh
SW4
Inter vlan 100
Ip add yy.yy.90.4 255.255.255.0
No sh
802.1Q Tunnel
●Configure Sw1 and Sw2 for 802.1Q Tunneling as follows:
●Create VLAN#50, name CUSTOMER_1
●Sw1-Fa0/5 connects with R5-Gi0/0. Do not assign an IP address to this
interface on R5 or Sw1
●Sw2-Fa0/3 connects with R3-Gi0/1. Do not assign an IP address to this
interface on R3 or Sw2
●Tunnel VLAN CUSTOMER_1 between Sw1 and Sw2
●You are not allowed to configure the command "ip mtu".
SW1/SW2
l2protocol-tunnel
System mtu 1504
(write ... reload)
SW1
Inter f0/5
Switchport access vlan 50
Switchport mode dot1q-tunnel
L2protocol-tunnel (is this actually needed?)
SW2
Inter f0/3
Switchport access vlan 50
Switchport mode dot1q-tunnel
L2protocol-tunnel
Etherchannel
Create EtherChannels among Sw1 ,Sw2 ,Sw3 and Sw4 so that all EtherChannels will be formed unconditionally NOT using any protocol negotiation.
SW1
Inter range f0/19 -20
Channel-group 13 mode on
Inter range f0/23 -24
Channel-group 12 mode on
SW2
Inter range f0/19 -20
Channel-group 24 mode on
Inter range f0/23 -24
Channel-group 12 mode on
SW3
Inter range f0/19 -20
Channel-group 13 mode on
Inter range f0/23 -24
Channel-group 34 mode on
SW4
Inter range f0/19 -20
Channel-group 24 mode on
Inter range f0/23 -24
Channel-group 34 mode on
load balancing
●R4 is sending packets to many hosts on VLAN_BB2 (note: check this requirement to confirm
whether to use src-mac or dst-mac)
●Configure SW1 and SW2 so that the traffic is efficiently distributed across the physical links
SW1
Port-channel load-balance dst-mac
SW2
Port-channel load-balance src-mac
spanning-tree MST
●Spanning-tree of VLAN 11, 21, 100
●The VLANs with ports assigned on only one switch share one common
spanning tree
●The VLANs with ports assigned to more than one switch share another tree.
For each tree, the switch with the highest number is the root switch; all other VLANs share the default instance
SW1/SW2/SW3/SW4
Spanning mode mst
Spanning mst configuration
Re 1
Name ccie
Instance 1 vlan 11,21
Instance 2 vlan 100
SW1
Spanning-tree mst 1 root pri
SW4
Spanning-tree mst 2 root pri
UDLD
●To avoid spanning-tree topology loops caused by a bad cable
between SW3 and SW4
●Configure your switches so that the affected ports are disabled if a
unidirectional link is detected
Prevent a loop caused by a unidirectional link between SW3 and SW4
SW3/SW4
Inter range f0/23 -24
Udld port aggressive
Switch flow control
●Sometimes hosts on VLAN_C are sending very heavy traffic to R2, so that
R2 is dropping packets. Configure SW1 so that it can receive instructions from R2 to stop sending packets
●You do not have to configure R2
SW1
No mls qos
Inter f0/2
flowcontrol receive on
Storm control
●Configure SW1 FastEthernet0/10
●When flooding reaches 85% of the bandwidth, traffic will be blocked; when it drops to 60%,
forwarding begins again
SW1
Errdisable recovery cause storm-control (is this needed?)
Interface f0/10
Storm-control broadcast level 85.00 60.00
Storm-control action drop
SPT ROOT (become root of VLAN_B)
●Configure Sw2 so that the device will be the root for VLAN_BB2
SW2
Spanning-tree mst 0 root pri
Aging-time
●Configure SW3 so that the Mac-address aging time is 500 seconds for VLAN
BB3
SW3
mac-address-table aging-time 500 vlan 13
II. IGP
RIPv2 configuration
●R1 is receiving RIP routes from a router on VLAN_BB1. Configure RIP
routing as shown in Diagram 2 with the following requirements
●Do NOT use broadcast or multicast to propagate your RIP routes
●Subnets must NOT be aggregated
●RIP updates should only be sent out of the RIP-enabled interfaces as per
Diagram 2
R1
Inter s0/0
ip split-horizon
router rip
version 2
no auto
passive-interface default
nei 150.1.yy.254
nei yy.yy.13.3
net 150.1.0.0
net yy.0.0.0
R3
Inter s0/0
Ip split-horizon
Router rip
Ver 2
NO auto
Passive-interface default
Nei yy.yy.13.1
Net yy.0.0.0
OSPF area 26
●Configure OSPF Area 26 as shown in Diagram 2 (the Frame Relay segment
between R2 s0/1 and R6 s0/0/1 and VLAN_B). On the Frame Relay segment, configure so that it will conserve bandwidth and shorten OSPF adjacency establishment time by avoiding DR election (the exam does not include this extra wording; it just says to avoid DR election on the FR segment).
●NOTE: You may choose your own OSPF process ID.
OSPF-Area 0
●Configure OSPF Area 0 as shown in Diagram 2. DO NOT change the OSPF
network type . For the Frame Relay network , R5 must be elected as the DR.
●Authentication is not required at this time
OSPF-Area 3 and Area 4
●Configure OSPF Area 3 as shown in Diagram 2
●Configure OSPF Area 4 as shown in Diagram 2 so that only the default route
generated by OSPF is injected into Area 4
OSPF-Area 5 and OSPF Loopbacks
●Configure R5 so that it generates an OSPF default route injected into Area
5. The routing tables of any OSPF Area 5's internal routers should have the
OSPF inter-area (this is what the exam says, not intra-area) routes but not the OSPF
external routes.
Configure OSPF for Lo0 interfaces on the following devices: OSPF loopback 0
R2
Inter s0/1
Ip ospf network point-to-point
Inter loop 0
Ip ospf network point-to-point
Inter s0/0
Ip ospf priority 0
Router ospf yy
Router-id yy.yy.2.2
Area 26 virtual-link yy.yy.6.6
Area 4 stub no-summary
Net yy.yy.2.2 0.0.0.0 a 4
Net yy.yy.22.2 0.0.0.0 a 4
Net yy.yy.245.2 0.0.0.0 a 0
Net yy.yy.26.2 0.0.0.0 a 26
Net yy.yy.62.2 0.0.0.0 a 26
R6
Inter loop0
Ip ospf network point-to-point
Inter s0/1
Ip ospf network point-to-point
Router ospf yy
Router-id yy.yy.6.6
Area 26 virtual-link yy.yy.2.2
Net yy.yy.6.6 0.0.0.0 a 26
Net yy.yy.26.6 0.0.0.0 a 26
Net yy.yy.62.6 0.0.0.0 a 26
Net yy.yy.36.6 0.0.0.0 a 0
R4
Inter loop 0
Ip ospf network point-to-point
Inter s0/0
Ip ospf priority 0
Router ospf yy
Router-id yy.yy.4.4
Net yy.yy.4.4 0.0.0.0 a 0
Net yy.yy.245.4 0.0.0.0 a 0
R5
Inter loop 0
Ip ospf network point-to-point
Inter s0/0
Ip os priority 255
Router ospf yy
Router-id yy.yy.5.5
Area 5 stub
Net yy.yy.5.5 0.0.0.0 a 5
Net yy.yy.245.5 0.0.0.0 a 0
Net yy.yy.55.5 0.0.0.0 a 5
Nei yy.yy.245.2
Nei yy.yy.245.4
SW1
Inter loop 0
Ip ospf network point-to-point
Router ospf yy
Router-id yy.yy.7.7
Net yy.yy.7.7 0.0.0.0 a 3
Net yy.yy.36.7 0.0.0.0 a 0
Net yy.yy.33.7 0.0.0.0 a 3
R3
Inter loop 0
Ip ospf network point-to-point
Inter e0/0
Ip ospf mtu-ignore
Router ospf yy
Router-id yy.yy.3.3
Net yy.yy.3.3 0.0.0.0 a 3
Net yy.yy.33.3 0.0.0.0 a 3
Neighbor count:
R2 4
R3 1
R4 1
R5 2
R6 4
SW1 2
EIGRP Configuration
Configure EIGRP as follows:
●Place the interfaces VLAN 100 in EIGRP YY, and the Sw4, Sw2, Sw3 Lo0 in EIGRP YY
●Do not summarize subnets
●Place the Backbone3 network in EIGRP 100
●The R6 EIGRP 100 neighbor on VLAN_BB3 will NOT send EIGRP query
packets to R6. Do not summarize subnets
SW1
Router eigrp yy
No auto
Net yy.yy.90.0 0.0.0.255
SW2
Router eigrp yy
No auto
Net yy.yy.8.0 0.0.0.255
Net yy.yy.90.0 0.0.0.255
SW3
Router eigrp yy
No auto
Net yy.yy.9.0 0.0.0.255
Net yy.yy.90.0 0.0.0.255
SW4
Router eigrp yy
No auto
Net yy.yy.10.0 0.0.0.255
Net yy.yy.90.0 0.0.0.255
R6
Router eigrp 100
No auto
Net 150.3.0.0
eigrp stub connected summary redistributed
RIP and OSPF route Summarization and Redistribution
●Perform mutual redistribution between RIP and OSPF
●Consolidate all RIP routes beginning with the 199.172 prefix as one
route, not a /16, when redistributing them into OSPF. R1 and R3 should still have the 199.172 routes in their routing tables as RIP routes
R3
Ip prefix-list sum seq 5 per 199.172.0.0/19
ip prefix-list tag seq 5 permit 150.100.1.0/24
Route-map sum deny 10
match ip add prefix sum
Route-map sum per 20
route-map tag permit 10
match ip address prefix-list tag
set tag 20
route-map tag permit 20
router rip
redistribute ospf yy metric 1 route-map sum
Router ospf yy
Redistribute rip subnets route-map tag
Summary-address 199.172.0.0 255.255.224.0 tag 20
EIGRP YY and OSPF routes summarization and Redistribution
●Perform mutual redistribution between EIGRP YY and OSPF
●The route 150.100.1.0 and the consolidated 199.172 route should not appear in
the routing table of Sw2, Sw3, Sw4. Do not use route filtering such as access-list & prefix-list to perform this task
SW1
Route-map toeigrpyy permit 10
Match tag 20
Set metric 0 -1 255 1 1500
Route-map toeigrpyy permit 20
Router eigrp yy
Redistribute ospf yy route-map toeigrpyy
Default-metric 10000 100 255 1 1500
Sw1
Router ospf yy
Redistribute eigrp yy subnets
EIGRP 100 and OSPF route Summarization and Redistribution
●Perform mutual redistribution between OSPF and EIGRP 100 to meet these
requirements
●Redistribute EIGRP 100 routes 150.3.YY.0 and 198.2.0.0 only into OSPF (use
of lists is permitted).
●Redistribute OSPF routes YY.YY.6.0 and YY.YY.90.0 into EIGRP 100. Do not
use the "distribute-list" command to perform this task.
●Summarize all 198.2 prefix routes as one.
R6
Ip access-list standard toospf
Permit 150.3.yy.0
Permit 198.2.0.0 0.0.255.255
Route-map toospf permit 10
Match ip address toospf
Router ospf yy
Redistribute eigrp 100 subnet route-map toospf
Summary-address 198.2.0.0 255.255.248.0 (summarized to a /21 here, meaning the specific routes are 0,1,2,3,4,5,6,7); the task only requires that the summary not be a /16
Ip access-list standard toeigrp100
Per yy.yy.6.0
Per yy.yy.90.0
Route-map toeigrp100 per 10
Match ip address toeigrp100
Router eigrp 100
Redistribute ospf yy metric 10000 100 255 1 1500 route-map toeigrp100
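The summary masks used in this section (the /21 for the 198.2 routes, the /19 for 199.172) can be derived rather than guessed. The following is an added example, not part of the original notes: it computes the smallest single supernet covering a set of specifics and lists which /24s inside that summary have no specific behind them. The specifics 198.2.0.0/24 through 198.2.7.0/24 follow the note above; the sparse set is constructed for illustration, and the function names are hypothetical.

```python
import ipaddress


def minimum_supernet(prefixes):
    """Smallest single IPv4 prefix that covers every prefix in the list."""
    nets = [ipaddress.IPv4Network(p) for p in prefixes]
    if not nets:
        raise ValueError("need at least one prefix")
    lo = min(int(n.network_address) for n in nets)
    hi = max(int(n.broadcast_address) for n in nets)
    # Bits below the highest differing bit cannot be part of a common prefix.
    host_bits = (lo ^ hi).bit_length()
    base = (lo >> host_bits) << host_bits
    return ipaddress.IPv4Network((base, 32 - host_bits))


def uncovered_subnets(prefixes, new_prefix=24):
    """Subnets inside the summary that overlap none of the specifics.

    Traffic to these ranges is attracted by the summary although no
    specific route exists for it behind the summarizing router.
    """
    have = [ipaddress.IPv4Network(p) for p in prefixes]
    summary = minimum_supernet(prefixes)
    step = max(new_prefix, summary.prefixlen)
    return [s for s in summary.subnets(new_prefix=step)
            if not any(s.overlaps(h) for h in have)]


def ios_summary_address(prefixes):
    """Render the summary in the 'summary-address <net> <mask>' form."""
    net = minimum_supernet(prefixes)
    return f"summary-address {net.network_address} {net.netmask}"


# Specifics 0..7 under 198.2, as stated in the note on the /21 summary.
FULL = [f"198.2.{i}.0/24" for i in range(8)]
# Constructed sparse set: same summary, but most of it is empty space.
SPARSE = ["198.2.1.0/24", "198.2.3.0/24", "198.2.5.0/24"]

if __name__ == "__main__":
    print(ios_summary_address(FULL))
    print([str(n) for n in uncovered_subnets(SPARSE)])
```

When the uncovered list is not empty, the summary advertises address space the router cannot deliver, so a discard route for the summary or a tighter set of summaries is worth considering.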
After the IGP section is done, BB2 must be redistributed in, and full reachability across the network must be ensured.
SW1
Ping 150.3.yy.254 so vlan 100
R4:
route-map BB2 permit 10
match interface f0/0
router ospf yy
redistribute connected subnets route-map BB2
IPv6 OSPF V3
Configure the interfaces on the following devices with IPv6 addresses
R2---loopback 0 + serial 0/0 + fa0/0 + fa0/1
R4---loopback 0 + serial 0/0
R5---loopback 0 + serial 0/0
Use the assigned prefix of 3007:abc:def::/64 on all interfaces
The subnet ID is 16 bits, and its value is the same as the third octet of the IPv4 address of the same interface (in other words, you do not need
to do the hex/decimal conversion)
For example, the R2 s0/0 IPv6 subnet ID is 245
You need to determine the appropriate type of interface ID to use
Don't change network types
Configure OSPFv3 area 0
R5 must be DR
R2: ipv6 unicast-routing
ipv6 router ospf 12
router-id 12.12.2.2
interface Loopback0
ipv6 ospf network point-to-point ← pay attention to this one!
ipv6 address 3007:ABC:DEF:2::/64 eui-64
ipv6 ospf 12 area 0
interface Serial0/0
ipv6 address 3007:ABC:DEF:245::/64 eui-64
ipv6 ospf priority 0
ipv6 ospf 12 area 0
frame-relay map ipv6 3007:ABC:DEF:245:2E0:B0FF:FE64:6668 215 broadcast
frame-relay map ipv6 FE80::260:47FF:FE40:DB54 215 broadcast
frame-relay map ipv6 3007:ABC:DEF:245:260:47FF:FE40:DB54 215 broadcast
frame-relay map ipv6 FE80::2E0:B0FF:FE64:6668 215 broadcast
R4: ipv6 router ospf 12
router-id 12.12.4.4
interface Loopback0
ipv6 ospf network point-to-point
ipv6 address 3007:ABC:DEF:4::/64 eui-64
ipv6 ospf 12 area 0
interface Serial0
ipv6 address 3007:ABC:DEF:245::/64 eui-64
ipv6 ospf priority 0
ipv6 ospf 12 area 0
frame-relay map ipv6 3007:ABC:DEF:245:2E0:B0FF:FE64:6668 415 broadcast
frame-relay map ipv6 FE80::202:B9FF:FE30:6B40 415 broadcast
frame-relay map ipv6 3007:ABC:DEF:245:202:B9FF:FE30:6B40 415 broadcast
frame-relay map ipv6 FE80::2E0:B0FF:FE64:6668 415 broadcast
R5: ipv6 router ospf 12
router-id 12.12.5.5
interface Loopback0
ipv6 ospf network point-to-point
ipv6 address 3007:ABC:DEF:5::/64 eui-64
ipv6 ospf 12 area 0
interface Serial0
ipv6 address 3007:ABC:DEF:245::/64 eui-64
ipv6 ospf priority 255
ipv6 ospf neighbor FE80::260:47FF:FE40:DB54
ipv6 ospf neighbor FE80::202:B9FF:FE30:6B40
ipv6 ospf 12 area 0
frame-relay map ipv6 FE80::260:47FF:FE40:DB54 514 broadcast
frame-relay map ipv6 FE80::202:B9FF:FE30:6B40 512 broadcast
frame-relay map ipv6 3007:ABC:DEF:245:260:47FF:FE40:DB54 514 broadcast
frame-relay map ipv6 3007:ABC:DEF:245:202:B9FF:FE30:6B40 512 broadcast
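Because inverse ARP is disabled, every static `frame-relay map ipv6` line above needs the peer's full EUI-64 link-local and global address. The following is an added example, not part of the original notes, showing how those addresses follow from a 48-bit hardware address (modified EUI-64: flip the universal/local bit, insert FFFE in the middle). The MAC values are constructed by reversing the interface IDs that appear in the maps above; the function names are hypothetical.

```python
import ipaddress


def eui64_interface_id(mac):
    """64-bit modified EUI-64 interface ID for a 48-bit MAC address."""
    digits = "".join(c for c in mac if c.isalnum())
    if len(digits) != 12:
        raise ValueError(f"not a 48-bit MAC: {mac!r}")
    raw = bytes.fromhex(digits)
    # Flip the universal/local bit of the first octet, insert FF FE in the middle.
    iid = bytes([raw[0] ^ 0x02]) + raw[1:3] + b"\xff\xfe" + raw[3:6]
    return int.from_bytes(iid, "big")


def eui64_address(prefix, mac):
    """Address that 'ipv6 address <prefix> eui-64' yields for this MAC."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("EUI-64 needs a /64 prefix")
    addr = ipaddress.IPv6Address(int(net.network_address) | eui64_interface_id(mac))
    return addr.compressed.upper()


def mac_from_eui64(addr):
    """Recover the MAC (Cisco dotted form) embedded in an EUI-64 address."""
    iid = (int(ipaddress.IPv6Address(addr)) & (2**64 - 1)).to_bytes(8, "big")
    if iid[3:5] != b"\xff\xfe":
        raise ValueError("interface ID is not EUI-64 derived")
    h = (bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:8]).hex()
    return ".".join(h[i:i + 4] for i in (0, 4, 8))


def frame_relay_maps(subnet_prefix, peer_mac, dlci):
    """The two static maps needed per peer: link-local and global."""
    return [
        f"frame-relay map ipv6 {eui64_address('fe80::/64', peer_mac)} {dlci} broadcast",
        f"frame-relay map ipv6 {eui64_address(subnet_prefix, peer_mac)} {dlci} broadcast",
    ]


# Constructed input: MAC recovered from an interface ID used in the maps above.
PEER_MAC = mac_from_eui64("FE80::202:B9FF:FE30:6B40")

if __name__ == "__main__":
    for line in frame_relay_maps("3007:abc:def:245::/64", PEER_MAC, 512):
        print(line)
```

The interface ID is fully determined by the hardware address, which is why the maps can be written before the peer comes up, and also why such addresses are predictable to anyone who knows that address.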
III. IOS Features
DHCP Configuration
●Configure R6 to provide the following parameters for DHCP clients on
VLAN_B
●Ensure that all IP addresses that have not yet been used in the subnet are
available
●Allow the subnet as a 24-bit mask
●The DNS servers are 150.1.YY.50 and 150.1.YY.51
●The domain name is
●For the default gateway, ensure that if R6 is down, R2 will be the default
gateway for hosts already allocated an IP address. DO NOT configure HSRP as part of this solution
●Hosts must retain DHCP-assigned addresses forever
R6
Service dhcp
No ip dhcp conflict logging
Ip dhcp excluded-add yy.yy.62.6
Ip dhcp excluded-add yy.yy.62.2
ip dhcp pool ccie
Network yy.yy.62.0 /24
Domain
Dns-server 150.1.yy.50 150.1.yy.51
Default-router yy.yy.62.6 yy.yy.62.2
Lease infinite
Int e0/1.22
Ip irdp
ip irdp preference 10
R2
Int e0/1
Ip irdp
Application Performance Monitoring and Analysis -IP SLA
●To test and monitor the performance of telnet sessions between R4 and
R1,configure R1 and R4 using the following criteria:
●The Telnet source is YY.YY.254.4 on R4 and the destination is YY.YY.1.1 on
R1
●The testing will occur once every hour and will continue to do so forever
●The testing will occur immediately after you finish the configuration for this
question
R1: ip sla monitor responder
R4:ip sla monitor 1
Tcp-Connect y.y.1.1 23 source-ip y.y.245.4
frequency 3600
ip sla schedule 1 life forever start-time now
UDP Broadcast Management
●Configure the BB3 interface on R6 to forward incoming bootpc broadcasts to
150.2.y.254 on Backbone2.
R6:
Ip forward-protocol udp bootpc
Interface e0/1.13
Ip helper-address 150.2.y.254
QOS
1. Congestion Control
Configure the R3 Frame Relay interface for rate limiting by configuring the parameters CIR, Bc and MINCIR, considering the following:
●Your maximum throughput is 128kbps;
●During congestion, your provider will mark any traffic in excess of 48kbps
as discard eligible. Make sure your throughput changes accordingly, based upon BECNs received, only.
●Your token bucket interval is 125ms (Tc = 1/8 s, Bc = CIR × Tc) ← note: if the 125ms here
changes, divide it by 1000 to work out the ratio.

For example, if it is changed to 256, you need to know that Bc then equals 128000 divided by 4.

●Use a “map-class” to apply this feature to all PVCs
R3: map-class frame FR
frame-relay adaptive-shaping becn
frame-relay cir 128000
frame-relay mincir 48000
frame-relay bc 16000
int s0/0
frame-relay traffic-shaping ← do not leave this out!
frame-relay class FR
2. Congestion Management (ip cef)
●On R2 make sure either any traffic leaving FastEthernet0/0 set with
IP-Precedence 3, or traffic from VLAN_C destined to VLAN_BB3 has a guaranteed minimum bandwidth of 128000bps.
Make sure, in case of congestion, that these packets get dropped randomly.
●Limit all traffic leaving FastEthernet0/0 with IP-precedence 2 to
128000bps on average
R2:
Ip cef
access 102 permit ip y.y.22.0 0.0.0.255 150.3.y.0 0.0.0.255
class-map match-any pre3 // check whether the task says "or" or "and"
match ip precedence 3
match access-group 102
class-map match-all pre2
match ip precedence 2
policy-map CM
class pre3
random-detect ← the exam task does not have this requirement
bandwidth 128
class pre2
shape average 128000
int e0/0
service-policy output CM
3. FR Precedence
On R4 s0/0, configure Frame Relay PVC 405 so that traffic with precedence Flash or Priority is eligible for discarding during periods of traffic congestion. Do not use MQC.
R4: access-list 104 permit ip any any precedence flash
access-list 104 permit ip any any precedence priority
frame-relay de-list 1 protocol ip list 104
int s0/0
frame-relay de-group 1 405
V. Multicast Routing
1. Multicast config
●Configure IP Multicast PIM Sparse Mode on R4 (E0/0, S0/0), R5 (S0/0,
loopback0) and R2 (Fa0/1, S0/0 and Fa0/0)
●Make sure R5 lo0 is the RP for multicast groups 224.1.1.1 and 224.2.2.2
ONLY
●However, do not configure the Rendezvous Point on any router;
●Configure R4 E0/0 to join multicast groups 224.1.1.1 and 224.2.2.2. You
should be able to ping both multicast groups from all multicast routers.
BSR (bootstrap)
R2/4/5: ip multicast-routing
Interface xxx
ip pim sparse-mode
ip pim nbma
R4: e0/0 ip igmp join 224.1.1.1 / 224.2.2.2
R5: ip access-list stand group
per 224.1.1.1 /per 224.2.2.2
ip pim bsr-candidate lo0
ip pim rp-candidate lo0 scope 16 gr group
2. Limiting Multicast Traffic
On R2, limit the bandwidth of the multicast traffic sent to group 224.1.1.1 on Fa0/0 to 50Kbps and sent to group 224.2.2.2 on Fa0/1 to
1 Mbps.
R2: access-list 11 permit 224.1.1.1
access-list 22 permit 224.2.2.2
E0/0: ip multicast rate-limit out group-list 11 50
E0/1: ip multicast rate-limit out group-list 22 1000
VI. Security
1. IP Security (should watch mode be used?)
● A hacker is flooding your BB1 segment with a barrage of connection requests
to IP address 150.1.y.254
● The attack is based on TCP SYN
● Configure R1 so that, if the attack continues, the connection time will be 2.5
minutes
R1: access-list 101 permit tcp any host 150.1.yy.254
ip tcp intercept list 101
ip tcp intercept connection-timeout 150
2. Access level
● Create a level 5 user access level on R3 using password cisco5
● Make sure he can turn off any debug,
● Extended ping address,
● Remove or change interface IP address
● Save configuration to NVRAM
● Make sure you are still able to access the router through the console port and
apply show run and write terminal after you apply
● Configuring line exit out of level 5 user
R3: enable secret level 5 cisco5
privilege exec level 5 copy running-config startup-config
privilege exec level 5 write memory
privilege exec level 5 ping
privilege exec level 5 undebug all
privilege exec level 5 no debug all
Privilege exec level 5 configure terminal
privilege configure level 5 interface
privilege interface level 5 ip address
privilege interface level 5 no ip address
privilege exec level 1 write terminal
privilege exec level 1 show running-config
3. OSPF authentication
Configure OSPF routing so that area 0 is protected by the strongest authentication
Use MD5 authentication
Sw1/R6/2/5/4:ip ospf message-digest-key 1 md5 cisco
area 26 virtual-link y.y.2.2 message-digest-key 1 md5 cisco
area 0 authentication message-digest
VII. BGP
1. IBGP config
●Your network contains 1 autonomous system, AS YY.
●Configure BGP between R1, R3, and R4.
●The BGP connections between R1, R3 and R4 should be active as long as
there is an active TCP/IP path between these routers. (hint: use loopbacks to form the neighbor sessions)
●Do NOT use route reflectors. (Full mesh)
●Ensure R3 contains BGP entries in its routing table once all BGP questions
are complete.
Full mesh: each router must configure the other two as neighbors
R1/3/4: router bgp YY
no sy
no auto
bgp router-id
Neighbor remote-as yy
update-source lo 0
2. EBGP config
●Configure EBGP between R4 and the external lab router on Backbone 2.
The neighbor on Backbone 2 has an IP address of 150.2.Y.254 and is in Autonomous System 254.
●Configure EBGP between R1 and the external lab router on Backbone 1.
The neighbor on Backbone 1 has an IP address of 150.1.Y.254 and is in Autonomous System 254.
●The EBGP sessions do not have to be cleared for a new policy to take
effect
R1:
neighbor 150.1.yy.254 remote-as 254
Neighbor 150.1.yy.254 soft-reconfiguration inbound ← remember this one!
R4:
neighbor 150.2.yy.254 remote-as 254
Neighbor 150.2.yy.254 soft-reconfiguration inbound
3. Route reduction and filtering (is MATCH NEXT-HOP needed?)
●The BB2 router is advertising 197.68.z.0 on R4
●Generate a minimum super-net address
●R1 and R3 must have the super-net pointing to R4 in their BGP table
●On R1 and R3, the more specific routes should point to 150.1.y.254 as
the best next-hop; ensure 150.2.y.254 is an alternative valid next-hop
R1:
neighbor 150.1.yy.254 weight 100
nei yy.yy.3.3 route-map local out
route-map local permit 10
set local-pre 150
R4:
access-list 4 permit 150.2.yy.254
route-map BB2 permit 10
match ip next-hop 4
aggregate 197.68.0.0 255.255.224.0 as-set advertise-ma BB2
