CCNP Study Notes 4-route part-route control◆ Passive-interface-can be used in rip ospf. In rip, there are two network commands in the Process of ospf, which only receive and not send packets. In the process of ospf, there are two network commands: 1, advertise the route of the network address segment. The mask length i
lifetime (always valid)-(always valid) [valid now]R7 # show key chainKey-chain cisco:Key 1 -- text "cisc0"Accept lifetime (always valid)-(always valid) [valid now]Send lifetime (always valid)-(always valid) [valid nowFrom the above command, we can see that the two sides do not match the VPN password, so no neighbor relationship can be established.Solution:Change the verification password of both parties to the same.R7 (config) # key chain ciscoR7 (config-keychain) # key 1R7 (config-keychain-key
23.1.1.2, 00:00:32, serial1/1
2. Modify the route management distance of a specific neighbor Source
R2 (config) # router OSPF 1
R2 (config-router) # distance 122 1.1.2.1 0.0.0.0Be sure to writeRIDAnd anti-Mask
R2 # Show IP Ro OS
1.0.0.0/32 is subnetted, 2 subnets
O Ia 1.1.1.1 [122/65] via 12.1.1.1, 00:00:04, serial1/0
O Ia 1.1.2.1 [122/65] via 12.1.1.1, 00:00:04, serial1/0
3.0.0.0/32 is subnetted, 2 subnets
O 3.1.2.1 [110/65] via 23.1.1.2, 00:00:
Lab requirements: 1. Build an environment based on the topology. The business trip staff use a real PC to bridge a router and connect to the ISP;2. Traveling staff can access VLAN2 on the Headquarters Intranet through PPTP and access the WEB server on the ISP;3. A IPSEC-VPN is required between the departments of the total score to securely transmit the traffic through the ISP, among which VLAN3 to VLAN4 requires 3DES encryption, MD5 hash; AES encryption and SHA hashing are used between VLAN3 and
CCNP comprehensive experiment-
The top labs are as follows:
650) this. width = 650; "alt =" "border =" 0 "src =" http://img1.51cto.com/attachment/201104/185551130.jpg "/>Lab requirements: 1: R3, R4 for NAT, R3 E0/1 for export, and R4 E0/0 for export. 2: R3, R4, R5, R7, R8 do OSPF, R3, R4, R5, R7 do frame-relay, R7 do FR switch. . 8.8.8 reaches 1.1.1.1 and is converted from R3 to public IP address 3.3.3.3. 8.8.8.9 when 1.1.1.1 is reached, it is switch
CCNP Study Notes 2-routing part-VPNReview the dynamic protocol: rip vpn ospf encapsulation UDP 520 IP 88 IP 89 update address 224.0.0.9 224.0.0.10 224.0.0.5/6 use passive to implement intercommunication between the two ends of unicast neighbor and the output interface to implement unicast NBMA point to multicast unicast key complete neighbor update methods, timing 30 seconds 15% offset, trigger incremental update, trigger timing 30 minutes trigger AD
Lab question: R2 is connected to R3 R5 as a fast Ethernet cable, and the others are strings. Frame relay is a full-connection mesh structure by default, that is, the PVC between all connected routes has been connected, and all
Disable the reverse ARP functions of R5 and R8 to manually configure the map from R5 to R8.
The topology used in this experiment is the ccnp standard topology, as shown below:
Certificate -------------------------------------
, check whether the loose 4.4.4.4 to R4 is normal on R1.
R1 # clear IP route *
R1 # Show IP Route
......
1.0.0.0/32 is subnetted, 1 subnets
C 1.1.1.1 is directly connected, loopback0
4.0.0.0/32 is subnetted, 1 subnets
O E2 4.4.4.4 [110/20] via 10.1.13.3, 00:00:01, fastethernet0/0
[110/20] via 10.1.12.2, 00:00:01, fastethernet0/1
10.0.0.0/24 is subnetted, 4 subnets
C 10.1.13.0 is directly connected, fastethe
OSPF comprehensive experiment (1)
This experiment mainly describes multiple methods of working on OSPF interfaces.
Lab:
The topology used is the ccnp Standard Edition ,:
Certificate -------------------------------------------------------------------------------------------------------------------------------------
1. Full-Network Access
Since frame relay is fully enabled and fully connected by default in ccnp
authenticationMD5 Certification principles:1. Sending the minimum key ID keys2. The number that carries the key ID3. The receiver first looks for the same key ID, if any, matches only once, determines whether it succeedsIf there is no key ID, only one hop down is found, and if it matches, the authentication succeeds; if it does not match, the authentication failsRIP v2 Support Auto-summarizationRip issued default route (5 kinds)1. Method one. Default
[Experimental environment] veryhuo.com
C3640-IK9O3S-M Version 12.4 (10) veryhuo.com
[Tutorial Objective] Lie's Fire Network
The tunnel technology is used to expand the frame relay switch simulated by the router to make up for the insufficient frame relay interface caused by limited router interfaces. Lie-fire-network
[Experiment topology]
Liehuo.net
Veryhuo.com
[Experiment description] liehuo.net
In the experimental environment, because frame relay switches are expensive, we use routers to sim
OSPF RIP EIGRPCategorical IGP no class link state igp no class distance vector IGP no class blendingEncapsulated IP udp520 IP 88Update address 224.0.0.5-6 224.0.0.9 224.0.0.10 can also neighbor refer to unicastUpdate mode timing (30 points) Full complete (30-second timing trigger incremental triggerAging (60 min) triggerAD 110 120 Rollup 5 external 170 Internal 90Metric Bandwidth hop count 5 K value (default bandwidth delay)########################################################################
a full mesh of IBGP peers in each system.
Peer R1 and R2 using loopback address, not their directly connected interfaces.
Advertise all loopback interfaces to the BGP process, except on R2, where the only loopback advertised should is LOOPBAC K 2.
On R2, create a static summary route for the rest of it loopback interfaces nad advertise this static route in BGP.
R4 should send a summary
1.1.123.3R3:router RIPNo autoNET 1.0.0.0Nei 1.1.123.1-The most secure way to validate is to verify that the R3 can accept R1 routes, and R1 does not accept R3 routesR1:Key Chani TestKey 1Key-string Ciscoint f0/0IP RIP auten mode MD5IP RIP authen key-chain testSho IP roR3:Ken Chani TestKey 2Key-string CiscoSho IP roRIP MD5 Verification principle: Key-id from the top to the next match, if the other side of the key file and their own does not match, it key-id+1 until the same password, if the othe
List of files in the download package:Dotnetfx1.1chs.exe ..... ......... Microsoft. Net Framework 1.1 Simplified Chinese versionAdberdr812_zh_cn.exe ....... Adobe Acrobat Reader 8.12 Simplified Chinese versionCcnp_netsim7.02.exe ..... ......... Boson NetSim for CCNP 7.02 English version (note: The latest is version 7.06, but cannot be cracked)Boson NetSim for CCNP 7.06.RAR ...... This is the latest version
CCNP rs Routing switching Direction corresponding Certificate Cisco Certified Senior Network Engineer-CCNP (Cisco Certified Networks Professional) Certification Prerequisites effective CCNA Routing and authentication or any valid CCIE authentication Suitable for people interested in the network industry and have CCNA basic knowledge of the crowd; intends to obtain CCNP
Recently, I searched for the Cisco simulator on the Internet and found that many netsim 7.0 for ccnp attack patches and replacement files are available for download. Therefore, I cannot download them urgently.
The result is:1. download the latest version of boson: 7.06 and 7.02 is hard to find;2. Replace the file with 7.02.3. Although the patch is declared to be used only in version 7.02, the application of the patch in version 7.02 is not normal af
asbr-----------------------------------------? view LSA 4First Class LSAOrigin: Each route has 1 types of LSASpread: Spread in the region, not through the ABRContent:OSPF Rollup:Interregional summaryConfigured on all ABR in the rollup area, Zone 0 range 192.168.0.0 255.255.0.0As Inter-summary:Configured on ASBR, summary-address 10.1.0.0 255.255.252.0 tag 88FilterWhy to play tag, to support QoS, it is necessary to use QoS, convenient, tag is not used
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.