CCNP, day three: comprehensive EIGRP lab

Source: Internet
Author: User

Lab question: R2 connects to R3 and R5 over Fast Ethernet; all other links are serial. Frame Relay is a full mesh by default, that is, the PVCs between all connected routers are already up, and all

Disable Inverse ARP on R5 and R8 and manually configure the map from R5 to R8.

The topology used in this lab is the CCNP standard topology, as shown below:

----------------------------------------

IP address planning

----------------------------------------

Configure the loopback and link for R1 to R8 according to the IP plan

1. Loopbacks
R1(config)# int lo0
R1(config-if)# ip add 1.1.1.1 255.255.255.0

R2(config-if)# int lo0
R2(config-if)# ip add 172.16.2.1 255.255.255.0

// R3 through R8 each have two loopbacks

R3(config)# int lo0
R3(config-if)# ip add 172.16.3.1 255.255.255.128
R3(config-if)# int lo1
R3(config-if)# ip add 172.16.3.129 255.255.255.128

R4(config)# int lo0
R4(config-if)# ip add 172.16.4.1 255.255.255.128
R4(config-if)# int lo1
R4(config-if)# ip add 172.16.4.129 255.255.255.128

............

R8(config)# int lo0
R8(config-if)# ip add 172.16.8.1 255.255.255.128
R8(config-if)# int lo1
R8(config-if)# ip add 172.16.8.129 255.255.255.128

----------------------------------------

2. Links

R1-R2
R1(config-if)# int S1/1
R1(config-if)# ip add 12.1.1.1 255.255.255.0
R1(config-if)# no shutdown

R2(config)# int S1/0
R2(config-if)# ip add 12.1.1.2 255.255.255.0
R2(config-if)# no shutdown

R2-R3-R5
R2(config-if)# int F0/0
R2(config-if)# ip add 172.16.10.2 255.255.255.240
R2(config-if)# no shutdown

R3(config-if)# int F0/0
R3(config-if)# ip add 172.16.10.3 255.255.255.240
R3(config-if)# no shutdown

R5(config-if)# int F0/0
R5(config-if)# ip add 172.16.10.5 255.255.255.240
R5(config-if)# no shutdown

R3-R4
R3(config-if)# int S1/1
R3(config-if)# ip add 172.16.10.17 255.255.255.240
R3(config-if)# no shutdown

R4(config)# int S1/0
R4(config-if)# ip add 172.16.10.18 255.255.255.240
R4(config-if)# no shutdown

R4-R5
R4(config-if)# int S1/1
R4(config-if)# ip add 172.16.10.33 255.255.255.240
R4(config-if)# no shutdown

R5(config)# int S1/0
R5(config-if)# ip add 172.16.10.34 255.255.255.240
R5(config-if)# no shutdown

............

R7(config-if)# int S1/1
R7(config-if)# ip add 172.16.10.81 255.255.255.240
R7(config-if)# no shutdown

R8(config-if)# int S1/0
R8(config-if)# ip add 172.16.10.82 255.255.255.240
R8(config-if)# no shutdown

R5-R8
// Because Frame Relay in the CCNP standard topology is a full mesh, the S1/2 interfaces of R1 through R8 are all connected to the Frame Relay switch by default. For this lab you therefore need to disable InARP (Inverse ARP) on the S1/2 interfaces of R5 and R8 and write the map manually.

R5(config)# int S1/2
R5(config-if)# encapsulation frame-relay
R5(config-if)# no frame-relay inverse-arp
R5(config-if)# no arp frame-relay
R5(config-if)# ip add 172.16.10.97 255.255.255.240
R5(config-if)# no shutdown
R5(config-if)# frame-relay map ip 172.16.10.98 508 broadcast

R8(config)# int S1/2
R8(config-if)# encapsulation frame-relay
R8(config-if)# no frame-relay inverse-arp
R8(config-if)# no arp frame-relay
R8(config-if)# ip add 172.16.10.98 255.255.255.240
R8(config-if)# no shutdown
R8(config-if)# frame-relay map ip 172.16.10.97 805 broadcast


At this point the loopbacks and links are configured; test connectivity before going further.
----------------------------------------


3. Start EIGRP on the R2-R8 intranet

R2(config)# router eigrp 90
R2(config-router)# no auto-summary
R2(config-router)# network 172.16.0.0

R3(config)# router eigrp 90
R3(config-router)# no auto-summary
R3(config-router)# network 172.16.0.0
......

R8(config)# router eigrp 90
R8(config-router)# no auto-summary
R8(config-router)# network 172.16.0.0

Wait a moment after the protocol starts.
Then, in privileged mode, check that the neighbor table of each router is complete. If it is not, recheck the previous configuration. Next, check that the route entries on each router are complete; at this point the intranet should be fully reachable.
----------------------------------------


3. Change the bandwidth of R4's S1/1 interface to 800 KB (1544 kbit by default) to enable unequal-cost load balancing between R4 and R2.

According to R4's route table, R4 uses equal-cost load balancing toward R2 by default.

Next, change the bandwidth of R4's S1/1 interface.
R4(config)# int S1/1
R4(config-if)# bandwidth 800
R4(config-if)# exit

 

After changing the interface bandwidth, look at the R4 topology table (partial):

Note the red part of the figure: there are two paths from R4 to R2. The best path is S1/0, and S1/1 serves as the backup path. To get unequal-cost load balancing, we need to change the variance:

R4(config)# router eigrp 90
R4(config-router)# variance 2 // set the variance to 2

After the change, wait for the routes to converge, then view the R4 route table. Note the red part, which shows unequal-cost load balancing in effect.

The route table of R4 is as follows:


To look at the two paths in more detail, run the following command:
R4# show ip route 172.16.10.0

Note the red part: R4 sends packets out of its S1/0 and S1/1 interfaces at a ratio of 12 to 7 (that is, unequal-cost load balancing).


----------------------------------------


4. R5 reaches R8's loopbacks via R6
(Since the next requirement is to summarize the loopbacks, complete that requirement first and then come back to this one.)

First, check the R5 route table:


The figure shows that R5 reaches R8 through the S1/2 port, that is, through the Frame Relay switch.

Next, view the R5 topology table:


The figure shows that the topology table holds only S1/2 for R5 to R8; there is no backup path. This is because the S1/1 interface of R5 does not meet the backup path condition: the AD of the backup path must be strictly less than the FD of the best path.

AD: advertised distance, that is, the neighbor's own metric to the destination along this path.
FD: feasible distance, that is, the metric to the destination through this path.

Currently, FD is 2297856. Add 2000000 to it as follows:

R5(config)# access-list 1 permit 172.16.8.0 0.0.0.255 // match R8's loopback routes
R5(config)# router eigrp 90
R5(config-router)# offset-list 1 in 2000000 serial 1/2

View the R5 topology table:


The table shows that the S1/2 path from R5 to R8 is the backup path, and S1/1 is the best path.


Check the R5 route table.


As the table shows, R5 now reaches R8's loopbacks through R6.
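The feasibility condition and the variance check from the two sections above, worked through in Python as an added example (not part of the original lab). It uses the classic EIGRP metric with default K values and IOS default interface bandwidth and delay; the hop lists for each path are assumptions, since the page elides part of the topology.

```python
# Added example: classic EIGRP composite metric with default K values (K1=K3=1).
# Interface values are IOS defaults; the hop lists below are assumptions.
SERIAL = (1544, 20000)        # bandwidth in kbit/s, delay in microseconds
SERIAL_800 = (800, 20000)     # R4 S1/1 after "bandwidth 800"
FASTETH = (100000, 100)
LOOPBACK = (8000000, 5000)

def metric(links, offset=0):
    """256 * (10^7 / minimum bandwidth + total delay / 10), plus an offset-list value."""
    min_bw = min(bw for bw, _ in links)
    delay = sum(d for _, d in links) // 10
    return 256 * (10**7 // min_bw + delay) + offset

def classify(paths, variance=1):
    """paths: {interface: (metric through that neighbor, neighbor's AD)}.
    Returns (FD, {interface: role})."""
    fd = min(m for m, _ in paths.values())
    roles = {}
    for name, (m, ad) in paths.items():
        if m == fd:
            roles[name] = "successor"
        elif ad < fd:  # feasibility condition: AD strictly less than FD
            roles[name] = "installed" if m < variance * fd else "feasible successor"
        else:
            roles[name] = "not feasible"
    return fd, roles

def r5_to_r8_loopback(offset=0):
    # Assumed: S1/2 is one serial hop to R8; S1/1 is three serial hops (R6, R7, R8).
    paths = {
        "S1/2": (metric([SERIAL, LOOPBACK], offset), metric([LOOPBACK])),
        "S1/1": (metric([SERIAL] * 3 + [LOOPBACK]), metric([SERIAL] * 2 + [LOOPBACK])),
    }
    return classify(paths)

def r4_to_fe_segment(variance):
    # Assumed: 172.16.10.0/28 seen from R4 via R3 (S1/0) and via R5 (S1/1).
    paths = {
        "S1/0": (metric([SERIAL, FASTETH]), metric([FASTETH])),
        "S1/1": (metric([SERIAL_800, FASTETH]), metric([FASTETH])),
    }
    return classify(paths, variance)
```

Under these assumptions `r5_to_r8_loopback()` reproduces the FD of 2297856 and rejects S1/1, while `r5_to_r8_loopback(2000000)` makes S1/1 the successor and S1/2 the feasible successor. The two R4 metrics differ by a factor of about 1.71, inside the variance of 2 and close to the 12 to 7 share shown on the page.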

----------------------------------------

 

5. Reduce route entries and increase update security

1) Following the IP address plan, summarize the loopbacks of R3 through R8 on all of their router interfaces.

R3(config)# int F0/0
R3(config-if)# ip summary-address eigrp 90 172.16.3.0 255.255.255.0
R3(config-if)# int S1/1
R3(config-if)# ip summary-address eigrp 90 172.16.3.0 255.255.255.0

............

R8(config)# int S1/0
R8(config-if)# ip summary-address eigrp 90 172.16.8.0 255.255.255.0
R8(config-if)# int S1/2
R8(config-if)# ip summary-address eigrp 90 172.16.8.0 255.255.255.0

2) Add update security (enable authentication between routers). Note: EIGRP supports only ciphertext (MD5) authentication.

// The authentication process is demonstrated on R2 only.

* 1 Define the key first
R2(config)# key chain CCIE
R2(config-keychain)# key 1
R2(config-keychain-key)# key-string Cisco
R2(config-keychain-key)# exit

* 2 Apply it on the interfaces connected to neighbors
R2(config)# int S1/1
R2(config-if)# ip authentication key-chain eigrp 90 CCIE
R2(config-if)# ip authentication mode eigrp 90 md5 // the mode must be MD5; only ciphertext authentication is supported
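One way to check that every neighbor-facing interface carries both authentication commands, as an added Python example that is not part of the original lab. The sample configuration is constructed; AS 90 and the key chain name CCIE follow the page, while the key chain LAB and the 192.0.2.x addresses are hypothetical.

```python
import re
# Constructed sample configuration, not taken from the lab routers.
SAMPLE = """\
key chain CCIE
 key 1
  key-string Cisco
!
interface Loopback0
 ip address 172.16.2.1 255.255.255.0
!
interface FastEthernet0/0
 ip address 172.16.10.2 255.255.255.240
 ip authentication mode eigrp 90 md5
 ip authentication key-chain eigrp 90 CCIE
!
interface Serial1/1
 ip address 192.0.2.1 255.255.255.252
 ip authentication key-chain eigrp 90 CCIE
!
interface Serial1/2
 ip address 192.0.2.5 255.255.255.252
 ip authentication mode eigrp 90 md5
 ip authentication key-chain eigrp 90 LAB
"""

def audit_eigrp_auth(config, asn=90):
    """Return {interface: [problems]} for non-loopback interfaces with an IP address."""
    sections = re.split(r"^![ \t]*$", config, flags=re.M)
    chains = set()  # key chains that are defined and hold a key-string
    for s in sections:
        m = re.search(r"^key chain (\S+)", s, re.M)
        if m and re.search(r"^ +key-string \S+", s, re.M):
            chains.add(m.group(1))
    findings = {}
    for s in sections:
        m = re.search(r"^interface (\S+)", s, re.M)
        if not m or m.group(1).lower().startswith("loopback"):
            continue
        if not re.search(r"^ +ip address ", s, re.M):
            continue
        problems = []
        if not re.search(rf"^ +ip authentication mode eigrp {asn} md5[ \t]*$", s, re.M):
            problems.append("no md5 authentication mode")
        kc = re.search(rf"^ +ip authentication key-chain eigrp {asn} (\S+)", s, re.M)
        if not kc:
            problems.append("no key chain applied")
        elif kc.group(1) not in chains:
            problems.append(f"key chain {kc.group(1)} not defined")
        if problems:
            findings[m.group(1)] = problems
    return findings
```

On the sample, Serial1/1 is reported for the missing MD5 mode and Serial1/2 for referencing a key chain that is never defined.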


After summarization, view the route tables of R3 through R8. Normally, apart from the two loopbacks of the local router, only route entries in /24/24/25/28 appear for other routes.
----------------------------------------

 

6. Let R2-R8 reach the Internet at R1: 1) default route 2) NAT

1) Default route

R2(config)# ip route 0.0.0.0 0.0.0.0 12.1.1.1

// Advertise it to the intranet by redistribution (recommended)
R2(config)# router eigrp 90
R2(config-router)# redistribute static

// Or manually summarize to 0.0.0.0/0 on every intranet-facing interface of the border router (R2) (the adjacency is disconnected, and the border router's local loopback is summarized as well; not recommended)
R2(config)# interface S1/1
R2(config-if)# ip summary-address eigrp 90 0.0.0.0 0.0.0.0

2) NAT
R2(config)# access-list 2 permit 172.16.0.0 0.0.255.255
R2(config)# ip nat inside source list 2 interface S1/0 overload

R2(config)# int S1/0
R2(config-if)# ip nat outside
R2(config-if)# int F0/0
R2(config-if)# ip nat inside

----------------------------------------

 

7. When R1 telnets to R2, it actually lands on R8's loopback

1) Write a mapping between port 23 of R2 and port 23 of R8. R8 has two loopbacks, so either address can be used:
R2(config)# ip nat inside source static tcp 172.16.8.1 23 12.1.1.2 23
Or
R2(config)# ip nat inside source static tcp 172.16.8.129 23 12.1.1.2 23

2) Enable remote login on R8
R8(config)# line vty 0 4
R8(config-line)# password Cisco

When R1 telnets to 12.1.1.2, it actually logs in to R8.
----------------------------------------

 

Statement:

This article aims to organize and implement the knowledge learned by Yi Ba Lang.

You are welcome to reprint this document, but please make sure that this document is complete or noted. This document shall not be used for commercial purposes without the consent of big Yi Ba Lang. Finally, if you can get some help from this simple document, big Yi Ba Lang will be very happy with his own efforts. Due to the limited level of the author, if the errors in this document cause inconvenience, I am sorry in advance.

Wish you good health and smooth work.
