Thứ Sáu, 23 tháng 12, 2011

IS-IS Multi Area Lab2





### IS-IS Multi Area CONFIGURE
## 1, BASIC CONFIG, HOSTNAME, IP ADDRESS ACCORDING TO THE DIAGRAM.
# R1: HOSTNAME R1
      enable
    config terminal
    hostname R1
    line console 0
    loggin synch
    no exec-timeout
    no ip domain-lookup
    line console 0
       privilege level 15
       no login
    line vty 0 4
       privilege level 15
       no login
    end
    wr
=====================================

# R2: HOSTNAME R2
      enable
    config terminal
    hostname R2
    line console 0
    loggin synch
    no exec-timeout
    no ip domain-lookup
    line console 0
       privilege level 15
       no login
    line vty 0 4
       privilege level 15
       no login
    end
    wr
=====================================

# R3: HOSTNAME R3
      enable
    config terminal
    hostname R3
    line console 0
    loggin synch
    no exec-timeout
    no ip domain-lookup
    line console 0
       privilege level 15
       no login
    line vty 0 4
       privilege level 15
       no login
    end
    wr
=====================================

## 2 CONFIGURE IP ADDRESS ACCORDING TO THE DIAGRAM
# R1:
    config terminal
      interface f0/0
        ip address 172.16.0.1 255.255.255.0
        no shutdown
        exit
      interface s1/0
        ip address 10.0.0.1 255.255.255.252
        no shutdown
        exit
      interface loopback 0
        ip address 192.168.10.1 255.255.255.255
        end
        wr
=======================================================

# R2:
    config terminal
      interface f0/0
        ip address 172.16.0.2 255.255.255.0
        no shutdown
        exit
      interface loopback 0
        ip address 192.168.20.2 255.255.255.255
        end
        wr
=======================================================

# R3:
    config terminal
      interface s1/0
        ip address 10.0.0.2 255.255.255.252
        no shutdown
        exit
      interface loopback 0
        ip address 192.168.30.3 255.255.255.255
        end
        wr
=======================================================

## 3 CONFIGURE INTEGRATED IS-IS
# R1
    config terminal
      router isis
        net 49.0001.1111.1111.1111.00
        is-type level-1-2       
        exit
      interface f0/0
        ip router isis
        isis circuit-type level-1
        exit
      interface s1/0
        ip router isis
        isis circuit-type level-1-2
        exit
      interface loopback 0
        ip router isis
        isis circuit-type level-1
        end
        wr
==================================================================

# R2
    config terminal
      router isis
        net 49.0001.2222.2222.2222.00
        is-type level-1       
        exit
      interface f0/0
        ip router isis
        isis circuit-type level-1
        exit
      interface loopback 0
        ip router isis
        isis circuit-type level-1
        end
        wr
==================================================================

# R3
    config terminal
      router isis
        net 49.0002.3333.3333.3333.00
        is-type level-2       
        exit
      interface s1/0
        ip router isis
        isis circuit-type level-2
        exit
      interface loopback 0
        ip router isis
        isis circuit-type level-2
        end
        wr
=================================================================
## 4 VERIFYING IS-IS ADJACENCIES AND OPERATION
# show ip protocols
# show clns protocols
# show clns neighbors
# show clns neighbors detail
# show isis database
# show clns interface f0/0
# show isis database R1.00-00 detail
# show isis topology
# show ip route
==================================================================

================The End==========================

Người đăng: vào lúc Không có nhận xét nào:

IS-IS Multi Area Lab 1

###IS-IS Multi Area CONFIGURE
## 1, BASIC CONFIG, HOSTNAME, IP ADDRESS ACCORDING TO THE DIAGRAM.
# R1: HOSTNAME R1
      enable
    config terminal
    hostname R1
    line console 0
    loggin synch
    no exec-timeout
    no ip domain-lookup
    line console 0
       privilege level 15
       no login
    line vty 0 4
       privilege level 15
       no login
    end
    wr
=====================================

# R2: HOSTNAME R2
      enable
    config terminal
    hostname R2
    line console 0
    loggin synch
    no exec-timeout
    no ip domain-lookup
    line console 0
       privilege level 15
       no login
    line vty 0 4
       privilege level 15
       no login
    end
    wr
=====================================

# R3: HOSTNAME R3
      enable
    config terminal
    hostname R3
    line console 0
    loggin synch
    no exec-timeout
    no ip domain-lookup
    line console 0
       privilege level 15
       no login
    line vty 0 4
       privilege level 15
       no login
    end
    wr
=====================================

# R4: HOSTNAME R4
      enable
    config terminal
    hostname R4
    line console 0
    loggin synch
    no exec-timeout
    no ip domain-lookup
    line console 0
       privilege level 15
       no login
    line vty 0 4
       privilege level 15
       no login
    end
    wr
=====================================

# R5: HOSTNAME R5
      enable
    config terminal
    hostname R5
    line console 0
    loggin synch
    no exec-timeout
    no ip domain-lookup
    line console 0
       privilege level 15
       no login
    line vty 0 4
       privilege level 15
       no login
    end
    wr
=====================================

## 2 CONFIGURE IP ADDRESS ACCORDING TO THE DIAGRAM
# R1:
    config terminal
      interface f0/0
        ip address 12.0.0.1 255.255.255.0
        no shutdown
        exit
      interface loopback 0
        ip address 1.1.1.1 255.255.255.255
        end
        wr
=======================================================

# R2:
    config terminal
      interface f0/0
        ip address 12.0.0.2 255.255.255.0
        no shutdown
        exit
      interface f0/1
        ip address 23.0.0.2 255.255.255.0
        no shutdown
        exit
      interface loopback 0
        ip address 2.2.2.2 255.255.255.255
        end
        wr
=======================================================

# R3:
    config terminal
      interface f0/0
        ip address 34.0.0.3 255.255.255.0
        no shutdown
        exit
      interface f0/1
        ip address 35.0.0.3 255.255.255.0
        no shutdown
        exit
      interface f1/0
        ip address 23.0.0.3 255.255.255.0
        no shutdown
        exit
      interface loopback 0
        ip address 3.3.3.3 255.255.255.255
        end
        wr
=======================================================

# R4:
    config terminal
      interface f0/0
        ip address 34.0.0.4 255.255.255.0
        no shutdown
        exit
      interface f0/1
        ip address 45.0.0.4 255.255.255.0
        no shutdown
        exit
      interface loopback 0
        ip address 4.4.4.4 255.255.255.255
        end
        wr
=======================================================

# R5:
    config terminal
      interface f0/0
        ip address 45.0.0.5 255.255.255.0
        no shutdown
        exit
      interface f0/1
        ip address 35.0.0.5 255.255.255.0
        no shutdown
        exit
      interface loopback 0
        ip address 5.5.5.5 255.255.255.255
        end
        wr
=======================================================

## 3 CONFIGURE INTERGRATED IS-IS
# R1
    config terminal
      router isis
        net 49.0002.1111.1111.1111.00
        is-type level-2       
        exit
      interface f0/0
        ip router isis
        isis circuit-type level-2
        end
        wr
==================================================================

# R2
    config terminal
      router isis
        net 49.0002.2222.2222.2222.00
        is-type level-2       
        exit
      interface f0/0
        ip router isis
        isis circuit-type level-2
        exit
      interface f0/1
        ip router isis
        isis circuit-type level-2
        end
        wr
==================================================================

# R3
    config terminal
      router isis
        net 49.0001.3333.3333.3333.00
        is-type level-1-2       
        exit
      interface f1/0
        ip router isis
        isis circuit-type level-1-2
        exit
      interface f0/0
        ip router isis
        isis circuit-type level-1-2
        exit
      interface f0/1
        ip router isis
        isis circuit-type level-1-2
        end
        wr
==================================================================

# R4
    config terminal
      router isis
        net 49.0001.4444.4444.4444.00
        no passive-interface loopback 0
        is-type level-1       
        exit
      interface f0/0
        ip router isis
        isis circuit-type level-1
        exit
      interface f0/1
        ip router isis
        isis circuit-type level-1
        end
        wr
=================================================================

# R5
    config terminal
      router isis
        net 49.0001.5555.5555.5555.00
        no passive-interface loopback 0
        is-type level-1       
        exit
      interface f0/0
        ip router isis
        isis circuit-type level-1
        exit
      interface f0/1
        ip router isis
        isis circuit-type level-1
        end
        wr
=================================================================
## 3 VERIFYING IS-IS ADJACENCIES AND OPERATION
# show ip protocols
# show clns protocols
# show clns neighbors
# show clns neighbors detail
# show isis database
# show clns interface f0/0
# show isis database R1.00-00 detail
# show isis topology
# show ip route
==================================================================

================The End==========================
Người đăng: vào lúc Không có nhận xét nào:

Integrated IS-IS





### IS-IS BASIC CONFIGURE
## 1, BASIC CONFIG, HOSTNAME, IP ADDRESS ACCORDING TO THE DIAGRAM.
# R1: HOSTNAME R1
      enable
    config terminal
    hostname R1
    line console 0
    loggin synch
    no exec-timeout
    no ip domain-lookup
    line console 0
       privilege level 15
       no login
    line vty 0 4
       privilege level 15
       no login
    end
    wr
=====================================

# R2: HOSTNAME R2
      enable
    config terminal
    hostname R2
    line console 0
    loggin synch
    no exec-timeout
    no ip domain-lookup
    line console 0
       privilege level 15
       no login
    line vty 0 4
       privilege level 15
       no login
    end
    wr
=====================================

# R3: HOSTNAME R3
      enable
    config terminal
    hostname R3
    line console 0
    loggin synch
    no exec-timeout
    no ip domain-lookup
    line console 0
       privilege level 15
       no login
    line vty 0 4
       privilege level 15
       no login
    end
    wr
=====================================

## 2 CONFIGURE IP ADDRESS ACCORDING TO THE DIAGRAM
# R1:
    config terminal
      interface f0/0
        ip address 172.16.0.1 255.255.255.0
        no shutdown
        exit
      interface loopback 0
        ip address 192.168.10.1 255.255.255.0
        end
        wr
=======================================================

# R2:
    config terminal
      interface f0/0
        ip address 172.16.0.2 255.255.255.0
        no shutdown
        exit
      interface loopback 0
        ip address 192.168.20.2 255.255.255.0
        end
        wr
=======================================================

# R3:
    config terminal
      interface f0/0
        ip address 172.16.0.3 255.255.255.0
        no shutdown
        exit
      interface loopback 0
        ip address 192.168.30.3 255.255.255.0
        end
        wr
=======================================================

## 3 CONFIGURE INTERGRATED IS-IS
# R1
    config terminal
      router isis
        net 49.0001.1111.1111.1111.00
        exit
      interface f0/0
      ip router isis
      isis priority 100
      interface loopback 0
      ip router isis
     end
     wr
==================================================================

# R2
    config terminal
      router isis
        net 49.0001.2222.2222.2222.00
        exit
      interface f0/0
      ip router isis
      isis priority 100
      interface loopback 0
      ip router isis
     end
     wr
==================================================================

# R3
    config terminal
      router isis
        net 49.0001.3333.3333.3333.00
        exit
      interface f0/0
      ip router isis
      isis priority 100
      interface loopback 0
      ip router isis
     end
     wr
==================================================================
## 3 VERIFYING IS-IS ADJACENCIES AND OPERATION
# show ip protocols
# show clns protocols
# show clns neighbors
# show clns neighbors detail
# show isis database
# show clns interface f0/0
# show isis database R1.00-00 detail
# show isis topology
# show ip route
==================================================================

## 4 CONVERTING TO THE IS-IS BACKBONE
# R1
    config terminal
      router isis
        is-type level-2-only
       end
       wr
==================================================================

# R2
    config terminal
      router isis
        is-type level-2-only
       end
       wr
==================================================================

# R3
    config terminal
      router isis
        is-type level-2-only
       end
       wr
==================================================================

## 5 IMPLEMENTING IS-IS L2 CORE AUTHENTICATION
# R1
    config terminal
      interface f0/0
        isis password 123 level-2
       end
       wr
=================================================================

# R2
    config terminal
      interface f0/0
        isis password 123 level-2
       end
       wr
=================================================================

# R3
    config terminal
      interface f0/0
        isis password 123 level-2
       end
       wr
=================================================================
# debug isis adj-packets
=================================================================

## 5 IMPLEMENTING IS-IS DOMAIN AUTHENTICATION
# R1
    config terminal
      router isis
        domain-password 123
       end
       wr
==================================================================

# R2
    config terminal
      router isis
        domain-password 123
       end
       wr
==================================================================

# R3
    config terminal
      router isis
        domain-password 123
       end
       wr
==================================================================

       ================The End==========================

Người đăng: vào lúc Không có nhận xét nào:

Thứ Hai, 12 tháng 12, 2011

CONFIGURE LAB DOT1Q-TUNNEL (Q in Q)





1, BASIC CONFIGURE HOSTNAME
# A1: Hostname for customer A1
# A1 SPEED UP
# STEP1: HOSTNAME A1 for customer A1
      enable
    config terminal
    hostname A1
    line console 0
    loggin synch
    no exec-timeout
    no ip domain-lookup
    line console 0
       privilege level 15
       no login
    line vty 0 4
       privilege level 15
       no login
    end
    wr
====================================================

# STEP1: HOSTNAME A2 for customer A2
      enable
    config terminal
    hostname A2
    line console 0
    loggin synch
    no exec-timeout
    no ip domain-lookup
    line console 0
       privilege level 15
       no login
    line vty 0 4
       privilege level 15
       no login
    end
    wr
===================================================

# STEP1: HOSTNAME ISP1 for provide ISP1
      enable
    config terminal
    hostname ISP1
    line console 0
    loggin synch
    no exec-timeout
    no ip domain-lookup
    line console 0
       privilege level 15
       no login
    line vty 0 4
       privilege level 15
       no login
    end
    wr

===================================================

# STEP1: HOSTNAME ISP2 for provide ISP2
      enable
    config terminal
    hostname ISP2
    line console 0
    loggin synch
    no exec-timeout
    no ip domain-lookup
    line console 0
       privilege level 15
       no login
    line vty 0 4
       privilege level 15
       no login
    end
    wr
====================================================

# STEP2: CONFIGURE VLAN 10,20,30 AND ASSING PORT FOR VLAN ON SWITCH A1
# A1 TRUNK, VLAN,spanning-tree portfast default
    config terminal
       vlan 10,20,30
        exit
       interface f0/1
       switchport trunk encapsulation dot 1q
       switchport mode trunk
        exit
       interface range f0/2 - 4
       switchport mode access
       switchport access vlan 10
        exit
       interface range f0/5 - 7
       switchport mode access
       switchport access vlan 20
        exit
       interface range f0/8 - 10
       switchport mode access
       switchport access vlan 30
        exit
       spanning tree portfast default
      end
      wr
=================================================

# A2 TRUNK, VLAN,spanning-tree portfast default
    config terminal
       vlan 10,20,30
        exit
       interface f0/1
       switchport trunk encapsulation dot 1q
       switchport mode trunk
        exit
       interface range f0/2 - 4
       switchport mode access
       switchport access vlan 10
        exit
       interface range f0/5 - 7
       switchport mode access
       switchport access vlan 20
        exit
       interface range f0/8 - 10
       switchport mode access
       switchport access vlan 30
        exit
       spanning-tree portfast default
      end
      wr
=================================================

# STEP3: CONFIGURE DOT 1Q-TUNNEL INTERFACE
# ISP1 CONFIGURE DOT 1Q-TUNNEL INTERFACE
    config terminal
      vlan 100
      exit
     system mtu 1504
     interface F0/1
     switchport access vlan 100
     switchport mode dot1q-tunnel
     l2protocol-tennel {cdp|vtp|stp}
      exit
     interface f0/24
     switchport trunk encapsulation dot 1q
     switchport mode trunk
       end
       wr
===================================================

# ISP2 CONFIGURE DOT 1Q-TUNNEL INTERFACE
    config terminal
      vlan 100
      exit
     system mtu 1504
     interface F0/1
     switchport access vlan 100
     switchport mode dot1q-tunnel
     l2protocol-tennel {cdp|vtp|stp}
      exit
     interface f0/24
     switchport trunk encapsulation dot 1q
     switchport mode trunk
       end
       wr
===================================================

COMMANS TEST
# show interface status
# show interface {int} switchport
# show interface trunk
# show cdp neighbor
# show system mtu
=================THE END================
Người đăng: vào lúc Không có nhận xét nào:

Thứ Năm, 8 tháng 12, 2011

Lab Switch CCNP







Người đăng: vào lúc Không có nhận xét nào:

Thứ Sáu, 25 tháng 11, 2011

CONFIGURE LABSW FINAL1 (Etherchannel, Trunk, Native Vlan...)

CONFIGURE LABSW FINAL1
1, BASIC CONFIGURE HOSTNAME, IP ADDRESS ACCORDING TO THE DIAGRAM
# AC1: Hostname, Etherchannel, Trunk, Native Vlan 100
# AC1 SPEED UP
# STEP 1: HOSTNAME AC1
      enable
    config terminal
    hostname AC1
    line console 0
    loggin synch
    no exec-timeout
    no ip domain-lookup
    line console 0
       privilege level 15
       no login
    line vty 0 4
       privilege level 15
       no login
    end
    wr
====================================================

# STEP 1: HOSTNAME DS1
      enable
    config terminal
    hostname DS1
    line console 0
    loggin synch
    no exec-timeout
    no ip domain-lookup
    line console 0
       privilege level 15
       no login
    line vty 0 4
       privilege level 15
       no login
    end
    wr
===================================================

# STEP 1: HOSTNAME DS2
      enable
    config terminal
    hostname DS2
    line console 0
    loggin synch
    no exec-timeout
    no ip domain-lookup
    line console 0
       privilege level 15
       no login
    line vty 0 4
       privilege level 15
       no login
    end
    wr
====================================================

# STEP 1: HOSTNAME CS1
      enable
    config terminal
    hostname CS1
    line console 0
    loggin synch
    no exec-timeout
    no ip domain-lookup
    line console 0
       privilege level 15
       no login
    line vty 0 4
       privilege level 15
       no login
    end
    wr
====================================================

# STEP 1: HOSTNAME CS2
      enable
    config terminal
    hostname CS2
    line console 0
    loggin synch
    no exec-timeout
    no ip domain-lookup
    line console 0
       privilege level 15
       no login
    line vty 0 4
       privilege level 15
       no login
    end
    wr
====================================================

# STEP 1: HOSTNAME SWSERVER
      enable
    config terminal
    hostname SWSERVER
    line console 0
    loggin synch
    no exec-timeout
    no ip domain-lookup
    line console 0
       privilege level 15
       no login
    line vty 0 4
       privilege level 15
       no login
    end
    wr
====================================================

# STEP 1: HOSTNAME GW1
      enable
    config terminal
    hostname GW1
    line console 0
    loggin synch
    no exec-timeout
    no ip domain-lookup
    line console 0
       privilege level 15
       no login
    line vty 0 4
       privilege level 15
       no login
    end
    wr
====================================================

# STEP 1: HOSTNAME GW2
      enable
    config terminal
    hostname GW2
    line console 0
    loggin synch
    no exec-timeout
    no ip domain-lookup
    line console 0
       privilege level 15
       no login
    line vty 0 4
       privilege level 15
       no login
    end
    wr
====================================================

# CS1: CONFIGURE IP ADDRESS
    config terminal
      interface f0/12
         no switchport
         ip address 192.168.40.1 255.255.255.0
         no shutdown
        exit
      interface f0/13
         no switchport
         ip address 10.10.10.1 255.255.255.0
         no shutdown
        exit
      interface f0/14
         no switchport
         ip address 192.168.100.1 255.255.255.0
         no shutdown
        exit
      interface f0/15
         no switchport
         ip address 192.168.10.1 255.255.255.0
         no shutdown
        end
        wr
=====================================================

# CS2: CONFIGURE IP ADDRESS
    config terminal
      interface f0/12
         no switchport
         ip address 192.168.50.1 255.255.255.0
         no shutdown
        exit
      interface f0/13
         no switchport
         ip address 20.20.20.1 255.255.255.0
         no shutdown
        exit
      interface f0/14
         no switchport
         ip address 192.168.100.2 255.255.255.0
         no shutdown
        exit
      interface f0/15
         no switchport
         ip address 192.168.20.1 255.255.255.0
         no shutdown
        end
        wr
=====================================================

# GW1: CONFIGURE IP ADDRESS
    config terminal
      interface f0/1
         ip address 10.10.10.2 255.255.255.0
         no shutdown
        exit
      interface f0/0
         ip address dhcp
         no shutdown
        end
        wr
====================================================

# GW2: CONFIGURE IP ADDRESS
    config terminal
      interface f0/1
         ip address 20.20.20.2 255.255.255.0
         no shutdown
        exit
      interface f0/0
         ip address dhcp
         no shutdown
        end
        wr
====================================================

2, DS1; DS2; AC1 CONFIGURE ETHERCHANNEL; TRUNK; NATIVLAN 100; VTP; STP
# STEP 2: IP ADDRESS; ETHERCHANNEL; TRUNK; NATIVE VLAN 100
# DS1: IP address; Etherchannel, Trunk, Native Vlan 100
    config terminal
      interface f0/13
         no switchport
         ip address 192.168.30.1 255.255.255.0
         no shutdown
        exit
      interface f0/12
         no switchport
         ip address 192.168.10.2 255.255.255.0
         no shutdown
        exit
      interface f0/11
         no switchport
         ip address 192.168.50.2 255.255.255.0
         no shutdown
        exit
          interface range f0/14 - 15
            channel-group 1 mode on
           exit
          interface port-channel 1
            switchport trunk encapsulation dot1q
            switchport mode trunk
            switchport trunk native vlan 100
            switchport trunk allowed vlan except 100
          end
      wr
====================================================

# DS2: IP address; Etherchannel, Trunk, Native Vlan 100
    config terminal
      interface f0/14
         no switchport
         ip address 192.168.30.2 255.255.255.0
         no shutdown
        exit
      interface f0/15
         no switchport
         ip address 192.168.20.2 255.255.255.0
         no shutdown
        exit
      interface f0/11
         no switchport
         ip address 192.168.40.2 255.255.255.0
         no shutdown
        exit
          interface range f0/12 - 13
            channel-group 2 mode on
           exit
          interface port-channel 2
            switchport trunk encapsulation dot1q
            switchport mode trunk
            switchport trunk native vlan 100
            switchport trunk allowed vlan except 100
          end
      wr
====================================================

# AC1: IP address; Etherchannel, Trunk, Native Vlan 100
    config terminal
          interface range f0/14 - 15
            channel-group 1 mode on
           exit
          interface port-channel 1
            switchport trunk encapsulation dot1q
            switchport mode trunk
            switchport trunk native vlan 100
            switchport trunk allowed vlan except 100
           exit
          interface range f0/12 - 13
            channel-group 2 mode on
           exit
          interface port-channel 2
            switchport trunk encapsulation dot1q
            switchport mode trunk
            switchport trunk native vlan 100
            switchport trunk allowed vlan except 100
          end
      wr
====================================================
# Testing Etherchannel, Trunk
# show interface trunk
# show etherchannel summary
=====================================================

# STEP 3: CONFIGURE VTP; VLAN
# DS1: VTPserver, Vlan
    vlan database
       vtp domain newstar
       vtp password newstar
           vtp server
       vlan 10
       vlan 20
       vlan 30
       vlan 40
         exit
    config terminal
          vtp file nvram:vlan.dat
     end
     wr
=================================================
# DS2: VTPserver, Vlan
    vlan database
       vtp domain newstar
       vtp password newstar
           vtp server
       vlan 10
       vlan 20
       vlan 30
       vlan 40
         exit
    config terminal
          vtp file nvram:vlan.dat
     end
     wr
=================================================

# AC1: VTP Client
    vlan database
       vtp domain newstar
       vtp password newstar
        vtp client
      exit
     config terminal
       vtp file nvram:vlan.dat
      end
      wr
=================================================

# AC1: Switchport access vlan
    config terminal
      interface range f0/0 - 2
         switchport mode access
         switchport access vlan 10
        exit
      interface range f0/3 - 5
         switchport mode access
         switchport access vlan 20
        exit
      interface range f0/6 - 8
         switchport mode access
         switchport access vlan 30
        exit
      interface range f0/9 - 11
         switchport mode access
         switchport access vlan 40
        exit
      interface range f0/0 - 11
        spanning-tree portfast
        no shutdown
         end
     wr
==============================================

# STEP 4: CONFIGURE STP
# DS1: STP is Root   
    config terminal
        spanning-tree vlan 10 root primary
        spanning-tree vlan 20 root primary
        spanning-tree vlan 30 root primary
        spanning-tree vlan 40 root primary
     end
     wr
===============================================

# DS2: STP is Secondary
    config terminal
        spanning-tree vlan 10 root secondary
        spanning-tree vlan 20 root secondary
        spanning-tree vlan 30 root secondary
        spanning-tree vlan 40 root secondary
     end
     wr
===============================================

# STEP 5: CONFIGURE HSRP; IP ADDRESS VLAN
# DS1: HSRP
    config terminal
       interface vlan 10
       ip address 172.16.10.1 255.255.255.0
       standby 10 ip 172.16.10.254
       no shutdown
      exit
       interface vlan 20
       ip address 172.16.20.1 255.255.255.0
       standby 20 ip 172.16.20.254
       no shutdown
      exit
       interface vlan 30
       ip address 172.16.30.1 255.255.255.0
       standby 30 ip 172.16.30.254
       no shutdown
      exit
       interface vlan 40
       ip address 172.16.40.1 255.255.255.0
       standby 40 ip 172.16.40.254
       no shutdown
      end
      wr
===================================================

# DS2: HSRP
    config terminal
       interface vlan 10
       ip address 172.16.10.2 255.255.255.0
       standby 10 ip 172.16.10.254
       no shutdown
      exit
       interface vlan 20
       ip address 172.16.20.2 255.255.255.0
       standby 20 ip 172.16.20.254
       no shutdown
      exit
       interface vlan 30
       ip address 172.16.30.2 255.255.255.0
       standby 30 ip 172.16.30.254
       no shutdown
      exit
       interface vlan 40
       ip address 172.16.40.2 255.255.255.0
       standby 40 ip 172.16.40.254
       no shutdown
      end
      wr
===================================================

# STEP 6: DS1 IS ACTIVE VLAN 10; 20; DS2 IS ACTIVE 30; 40
# DS1: is active for Vlan 10;20
    config terminal
       interface vlan 10
       standby 10 preempt
       standby 10 priority 110
      exit
       interface vlan 20
       standby 20 preempt
       standby 20 priority 110
      end
      wr
===================================================

# DS2: is active for Vlan 30;40
    config terminal
       interface vlan 30
       standby 30 preempt
       standby 30 priority 110
      exit
       interface vlan 40
       standby 40 preempt
       standby 40 priority 110
      end
      wr
===================================================
# Testing HSRP
# show standby brief
===================================================
# STEP 7: CS1; CS2 CONFIGURE HSRP
# CS1: HSRP
    config terminal
       interface f0/14
       standby 1 ip 192.168.100.254
      end
     wr
===================================================

# CS2: HSRP
    config terminal
       interface f0/14
       standby 1 ip 192.168.100.254
      end
     wr
===================================================
# Testing HSRP
# show standby brief
===================================================

3, ROUTING WITH OSPF GUARANTEE CONVERGE NETWORK
# STEP 8: CS1;CS2; DS1;DS2;GW1;GW2 CONFIGURE ROUTING
# CS1: ROUTING WITH OSPF
    config terminal
      router ospf 1
        network 192.168.10.0 0.0.0.255 area 0
        network 192.168.40.0 0.0.0.255 area 0
        network 192.168.100.0 0.0.0.255 area 0
        network 10.10.10.0 0.0.0.255 area 0
      end
      wr
===================================================

# CS2: ROUTING WITH OSPF
    config terminal
      router ospf 1
        network 192.168.20.0 0.0.0.255 area 0
        network 192.168.50.0 0.0.0.255 area 0
        network 192.168.100.0 0.0.0.255 area 0
        network 20.20.20.0 0.0.0.255 area 0
      end
      wr
===================================================

# DS1: ROUTING WITH OSPF
    config terminal
      router ospf 1
        network 192.168.10.0 0.0.0.255 area 0
        network 192.168.50.0 0.0.0.255 area 0
        network 192.168.30.0 0.0.0.255 area 0
        network 172.16.10.0 0.0.0.255 area 0
        network 172.16.20.0 0.0.0.255 area 0
        network 172.16.30.0 0.0.0.255 area 0
        network 172.16.40.0 0.0.0.255 area 0
      end
      wr
===================================================

# DS2: ROUTING WITH OSPF
    config terminal
      router ospf 1
        network 192.168.20.0 0.0.0.255 area 0
        network 192.168.40.0 0.0.0.255 area 0
        network 192.168.30.0 0.0.0.255 area 0
        network 172.16.10.0 0.0.0.255 area 0
        network 172.16.20.0 0.0.0.255 area 0
        network 172.16.30.0 0.0.0.255 area 0
        network 172.16.40.0 0.0.0.255 area 0
      end
      wr
===================================================

# GW1: ROUTING WITH OSPF
    config terminal
      router ospf 1
        network 10.10.10.0 0.0.0.255 area 0
       end
       wr
====================================================
# GW2: ROUTING WITH OSPF
    config terminal
      router ospf 1
        network 20.20.20.0 0.0.0.255 area 0
       end
       wr
====================================================
# Testing ROUTING
# show ip route
===================================================

# STEP 9: CONFIGURE GW1;GW2 TO ALL PC GO TO INTERNET
# GW1: PAT TO GO TO INTERNET
    config terminal
       access-list 1 permit any
       ip nat inside source list 1 interface f0/0 overload
       interface f0/0
       ip nat outside
      exit
       interface f0/1
       ip nat inside
      end
      wr
====================================================

# GW2: PAT TO GO TO INTERNET
    config terminal
       access-list 1 permit any
       ip nat inside source list 1 interface f0/0 overload
       interface f0/0
       ip nat outside
      exit
       interface f0/1
       ip nat inside
      end
      wr
====================================================

# STEP 10: CONFIGURE GW1;GW2 TO ADVERTISMENT DEFAULT ROUTE
# GW1: ADVERTISMENT DEFAULT ROUTE
    config terminal
       router ospf 1
         default-information originate
       end
       wr
=====================================================

# GW2: ADVERTISMENT DEFAULT ROUTE
    config terminal
       router ospf 1
         default-information originate
       end
       wr
======================================================

# STEP 11: DS1; DS2 CONFIGURE PASSIVE-INTERFACE
# DS1: PASSIVE-INTERFACE
     config terminal
       router ospf 1
             passive-interface default
             no passive-interface f0/12
         no passive-interface f0/11
         no passive-interface f0/13
           end
        wr
=====================================================

# DS2: PASSIVE-INTERFACE
     config terminal
       router ospf 1
             passive-interface default
             no passive-interface f0/15
         no passive-interface f0/11
         no passive-interface f0/14
           end
        wr
====================================================

# STEP 12: DS1; DS2 CONFIGURE IP HELPER-ADDRESS
# DS1: ip helper-address
    config terminal
       interface vlan 10
         ip helper-address 192.168.100.253
       exit
       interface vlan 20
         ip helper-address 192.168.100.253
       exit
       interface vlan 30
         ip helper-address 192.168.100.253
       exit
       interface vlan 40
         ip helper-address 192.168.100.253
       end
       wr
====================================================

# DS2: ip helper-address
    config terminal
       interface vlan 10
         ip helper-address 192.168.100.253
       exit
       interface vlan 20
         ip helper-address 192.168.100.253
       exit
       interface vlan 30
         ip helper-address 192.168.100.253
       exit
       interface vlan 40
         ip helper-address 192.168.100.253
       end
       wr
====================================================

# STEP 13: CONFIGURE DHCP SERVER ON 2K3
# DHCP server 2k3
Create Scope Vlan10 (create pool)
Ip address range: 172.16.10.50-172.16.10.100
Default gateway: 172.16.10.254
DNS servers: 8.8.8.8

Create Scope Vlan20 (create pool)
Ip address range: 172.16.20.50-172.16.20.100
Default gateway: 172.16.20.254
DNS servers: 8.8.8.8

Create Scope Vlan30 (create pool)
Ip address range: 172.16.30.50-172.16.30.100
Default gateway: 172.16.30.254
DNS servers: 8.8.8.8

Create Scope Vlan40 (create pool)
Ip address range: 172.16.40.50-172.16.40.100
Default gateway: 172.16.40.254
DNS servers: 8.8.8.8
====================================================

CONFIGURE DOT1X (Enable AAA; configure RADIUS server;enable 802.1x globally; configure interface for 802.1x; define local user authentication)
1, BASIC CONFIGURE HOSTNAME
# SW1 SPEED UP
# STEP 1: HOSTNAME SW1
      enable
    config terminal
    hostname SW1
    line console 0
    loggin synch
    no exec-timeout
    no ip domain-lookup
    line console 0
       privilege level 15
       no login
    line vty 0 4
       privilege level 15
       no login
    end
    wr
=============================================

# STEP 2: ASSING IP ADDRESS FOR INTERFACE VLAN1; USERNAME, PASSWORD
    config terminal
      username admin password 123
      interface vlan 1
        ip address 192.168.100.1 255.255.255.0
       end
      wr
==============================================

# STEP 3: (Enable AAA; configure RADIUS server;enable 802.1x globally; configure interface for 802.1x; define local user authentication)
    config terminal
       aaa new-model
       radius-server host 192.168.100.253 key 123456
       aaa authentication dot1x defaul group radius
       aaa authorization network default group radius
       dot1x system-auth-control
     interface range f0/1 - 23
       switchport mode access
       dot1x port-control auto
     end
     wr
=========================================================================

# STEP 4: CONFIGURE VLAN
    config terminal
          vlan 10,20,30,40
     end
     wr
======================================================

# CONFIGURE CISCOSECURE ACS
# Configure AAA Server
# AAA Server Name: Server; # AAA Server IP Address: 192.168.100.253
# Configure AAA Client Hostname
# AAA AAA Client Hostname: client; # AAA Client IP Address: 192.168.100.1
# Create UserSetup: u1; u2; u3; u4. pass: 12345678
# Create GroupSetup: Vlan 10; Vlan 20; Vlan 30; Vlan 40 -> Editseting
===============================================================
# STEP 5: Test
# test aaa group radius server 192.168.100.253 u1 12345678 legacy
===========================================
====================THE END================


Người đăng: vào lúc Không có nhận xét nào:

Thứ Hai, 21 tháng 11, 2011

CONFIG MPLS VPN L3 (EIGRP PE CE)

CONFIG MPLS VPN L3 (EIGRP PE CE)

1, BASIC CONFIG, HOSTNAME, IP ADDRESS ACCORDING TO THE DIAGRAM.
# R3_P SPEED UP
# STEP 1: HOSTNAME R3_P
      enable
config terminal
hostname R3_P
line console 0
loggin synch
no exec-timeout
no ip domain-lookup
line console 0
  privilege level 15
  no login
line vty 0 4
  privilege level 15
  no login
end
wr
==================================

# STEP 1: HOSTNAME R2_PE
      enable
config terminal
hostname R2_PE
line console 0
loggin synch
no exec-timeout
no ip domain-lookup
line console 0
  privilege level 15
  no login
line vty 0 4
  privilege level 15
  no login
end
wr
===================================

# STEP 1: HOSTNAME R4_PE
      enable
config terminal
hostname R4_PE
line console 0
loggin synch
no exec-timeout
no ip domain-lookup
line console 0
  privilege level 15
  no login
line vty 0 4
  privilege level 15
  no login
end
wr
=========================================

# STEP 1: HOSTNAME R1_CE
      enable
config terminal
hostname R1_CE
line console 0
loggin synch
no exec-timeout
no ip domain-lookup
line console 0
  privilege level 15
  no login
line vty 0 4
  privilege level 15
  no login
end
wr
=========================================

# STEP 1: HOSTNAME R5_CE
      enable
config terminal
hostname R5_CE
line console 0
loggin synch
no exec-timeout
no ip domain-lookup
line console 0
  privilege level 15
  no login
line vty 0 4
  privilege level 15
  no login
end
wr
========================================

# STEP 1: HOSTNAME R6_CE
      enable
config terminal
hostname R6_CE
line console 0
loggin synch
no exec-timeout
no ip domain-lookup
line console 0
  privilege level 15
  no login
line vty 0 4
  privilege level 15
  no login
end
wr
============================================

# STEP 1: HOSTNAME R7_CE
      enable
config terminal
hostname R7_CE
line console 0
loggin synch
no exec-timeout
no ip domain-lookup
line console 0
  privilege level 15
  no login
line vty 0 4
  privilege level 15
  no login
end
wr
=========================================

# STEP2: ASSIGN IP ADDRESS AND LOOPBACKS
# R3_P ASSIGN IP ADDRESS 
     config terminal
interface s0/0
           ip address 192.168.23.3 255.255.255.0
  no shutdown
interface s0/1
           ip address 192.168.34.3 255.255.255.0
  no shutdown
end
wr
=============================================

# R2_PE ASSIGN IP ADDRESS AND LOOPBACKS
     config terminal
interface s0/2
           ip address 192.168.23.2 255.255.255.0
  no shutdown
interface s0/1
           ip address 192.168.26.2 255.255.255.0
  no shutdown
interface s0/0
           ip address 192.168.12.2 255.255.255.0
  no shutdown
interface loopback0
           ip address 2.2.2.2 255.255.255.255
  no shutdown
end
wr
=================================================

# R4_PE ASSIGN IP ADDRESS AND LOOPBACKS
     config terminal
interface s0/1
           ip address 192.168.34.4 255.255.255.0
  no shutdown
interface s0/2
           ip address 192.168.47.4 255.255.255.0
  no shutdown
interface s0/0
           ip address 192.168.45.4 255.255.255.0
  no shutdown
interface loopback0
           ip address 4.4.4.4 255.255.255.255
  no shutdown
end
wr
======================================================

# R1_CE ASSIGN IP ADDRESS AND LOOPBACKS
     config terminal
interface s0/0
           ip address 192.168.12.1 255.255.255.0
  no shutdown
interface loopback0
           ip address 1.1.1.1 255.255.255.0
  no shutdown
end
wr
======================================================

# R5_CE ASSIGN IP ADDRESS AND LOOPBACKS
     config terminal
interface s0/0
           ip address 192.168.45.5 255.255.255.0
  no shutdown
interface loopback0
           ip address 5.5.5.5 255.255.255.0
  no shutdown
end
wr
=====================================================

# R6_CE ASSIGN IP ADDRESS AND LOOPBACKS
     config terminal
interface s0/1
           ip address 192.168.26.6 255.255.255.0
  no shutdown
interface loopback0
           ip address 6.6.6.6 255.255.255.0
  no shutdown
end
wr
=======================================================

# R7_CE ASSIGN IP ADDRESS AND LOOPBACKS
     config terminal
interface s0/2
           ip address 192.168.47.7 255.255.255.0
  no shutdown
interface loopback0
           ip address 7.7.7.7 255.255.255.0
  no shutdown
end
wr
=========================================================

# STEP 3: ROUTING WITH OSPF IN CORE NETWORK PROVIDE
# R3_P ROUTING WITH OSPF 1
      config terminal
         router ospf 1
            network 192.168.23.0 0.0.0.255 area 0
            network 192.168.34.0 0.0.0.255 area 0
         end
       wr
========================================================

# R2_PE ROUTING WITH OSPF 1
      config terminal
         router ospf 1
            network 192.168.23.0 0.0.0.255 area 0
            network 2.2.2.2 0.0.0.0 area 0
         end
       wr
========================================================

# R4_PE ROUTING WITH OSPF 1
      config terminal
         router ospf 1
            network 192.168.34.0 0.0.0.255 area 0
            network 4.4.4.4 0.0.0.0 area 0
         end
       wr
=========================================================

# STEP 4: CONFIGURE MPLS IN CORE NETWORK PROVIDE
# R3_P CONFIGURE MPLS
      config terminal
         interface s0/0
            mpls label protocol ldp
            mpls ip
         interface s0/1
            mpls label protocol ldp
            mpls ip
          end
         wr
=====================================================

# R2_PE CONFIGURE MPLS
      config terminal
         interface s0/2
            mpls label protocol ldp
            mpls ip
          end
         wr
======================================================

# R4_PE CONFIGURE MPLS
      config terminal
         interface s0/1
            mpls label protocol ldp
            mpls ip
          end
         wr
======================================================
# Testing table routing, LIB, LFIB, CEF
# show ip route
# show mpls ldp neighbor
# show mpls forwarding-table (LFIB)
# show mpls ldp bindings (FIB)
# show ip cef 
========================================================

2, CREATED BY CORRESPONDING VRF FOR EACH CUSTOMER ON ROUTER PE 
# STEP 5: ON ROUTER PE CREATED BY CORRESPONDING VRF FOR EACH CUSTOMER  
# SITE A 
# R2_PE 
     config terminal
ip vrf siteA
 rd 15:15
 route-target export 1:1
 route-target import 5:5
end
wr
=========================================================

# R4_PE 
     config terminal
ip vrf siteA
 rd 15:15
 route-target export 5:5
 route-target import 1:1
end
wr
============================================================
 
# SITE B 
# R2_PE 
     config terminal
ip vrf siteB
 rd 67:67
 route-target export 6:6
 route-target import 7:7
end
wr
=========================================================

# R4_PE 
     config terminal
ip vrf siteB
 rd 67:67
 route-target export 7:7
 route-target import 6:6
end
wr
============================================================
# Testing table VRF on R2_PE; R4_PE
# show ip vrf
============================================================

# STEP 6: ASSOCIATE TABLE VRF WITH INTERFACE OF EACH CUSTOMER 
# SITE A 
# R2_PE 
     config terminal
interface s0/0
 ip vrf forwarding siteA
 ip address 192.168.12.2 255.255.255.0
end
wr
===================================================

# R4_PE
     config terminal
interface s0/0
 ip vrf forwarding siteA
 ip address 192.168.45.4 255.255.255.0
end
wr
===================================================

# SITE B 
# R2_PE 
     config terminal
interface s0/1
 ip vrf forwarding siteB
 ip address 192.168.26.2 255.255.255.0
end
wr
===================================================

# R4_PE 
     config terminal
interface s0/2
 ip vrf forwarding siteB
 ip address 192.168.47.4 255.255.255.0
end
wr
===================================================
# Testing routing VRF and ping on R2_PE; R4_PE
# show ip route vrf siteA
# ping vrf siteA 192.168.12.1
# show ip route vrf siteB
# ping vrf siteB 192.168.45.5
====================================================

3 ROUTING WITH EIGRP BETWEEN PE AND CE 
# STEP7: CONFIGURE ON ROUTER PE OF PROVIDE
# R2_PE SITE A
      config terminal
        router eigrp 1
 address-family ipv4 vrf siteA
   network 192.168.12.0
   no auto-summary
   autonomous-system 101
   redistribute bgp 24 metric 1000 100 255 1 1500
 end
wr
===========================================================
 
# R4_PE SITE A
      config terminal
        router eigrp 1
 address-family ipv4 vrf siteA
   network 192.168.45.0
   no auto-summary
   autonomous-system 101
   redistribute bgp 24 metric 1000 100 255 1 1500
 end
wr
===========================================================

# R2_PE SITE B
      config terminal
        router eigrp 1
 address-family ipv4 vrf siteB
   network 192.168.26.0
   no auto-summary
   autonomous-system 201
   redistribute bgp 24 metric 1000 100 255 1 1500
 end
wr
===========================================================

# R4_PE SITE B
      config terminal
        router eigrp 1
 address-family ipv4 vrf siteB
   network 192.168.47.0
   no auto-summary
   autonomous-system 202
   redistribute bgp 24 metric 1000 100 255 1 1500
 end
wr
===========================================================

# STEP8: CONFIGURE ON ROUTER CE OF CUSTOMER
# R1_CE
     config terminal
        router eigrp 101
network 192.168.12.0
network 1.1.1.0
no auto-summary
      end
      wr
===========================================================

# R5_CE
     config terminal
        router eigrp 101
network 192.168.45.0
network 5.5.5.0
no auto-summary
      end
      wr
============================================================

# R6_CE
     config terminal
        router eigrp 201
network 192.168.26.0
network 6.6.6.0
no auto-summary
      end
      wr
============================================================

# R7_CE
     config terminal
        router eigrp 202
network 192.168.47.0
network 7.7.7.0
no auto-summary
      end
      wr
==========================================================
# Testing establish VRF neighborly relations on R2_PE, R4_PE
# show ip eigrp vrf siteA neighbors
# show ip eigrp vrf siteB neighbors
# Test establish neighborly relations on R1_CE, R5_CE, R6_CE, R7_CE
# show ip eigrp neighbors 
==========================================================

4 ROUTING WITH MP-BGP BETWEEN PE AND PE 
# STEP8: ESTABLISH NEIGHBOR RELATION MP-BGP BETWEEN R2_PE AND R4_PE
# R2_PE
     config terminal
router bgp 24
 neighbor 4.4.4.4 remote-as 24
          neighbor 4.4.4.4 update-source loopback 0
end
wr
==========================================================

# R4_PE
     config terminal
router bgp 24
 neighbor 2.2.2.2 remote-as 24
          neighbor 2.2.2.2 update-source loopback 0
end
wr
=========================================================
# Testing establish BGP neighborly relations on R2_PE, R4_PE
# show ip bgp summary
=========================================================

5 CONFIGURE VPNv4 ADDRESS-FAMILY 
# STEP9: CONFIGURE VPNv4 ADDRESS-FAMILY 
# R2_PE
     config terminal
router bgp 24
 address-family vpnv4
          neighbor 4.4.4.4 activate
end
wr
=========================================================

# R4_PE
     config terminal
router bgp 24
 address-family vpnv4
          neighbor 2.2.2.2 activate
end
wr
=========================================================

6 CONFIGURE IPv4 ADDRESS-FAMILY
# STEP10: CONFIGURE IPv4 ADDRESS-FAMILY 
# R2_PE siteA
     config terminal
router bgp 24
 address-family ipv4 vrf siteA
          redistribute eigrp 101
end
wr
=========================================================

# R4_PE siteA
     config terminal
router bgp 24
 address-family ipv4 vrf siteA
          redistribute eigrp 101
end
wr
==========================================================

# R2_PE siteB
     config terminal
router bgp 24
 address-family ipv4 vrf siteB
          redistribute eigrp 201
end
wr
=========================================================

# R2_PE siteB
     config terminal
router bgp 24
 address-family ipv4 vrf siteB
          redistribute eigrp 202
end
wr
==========================================================
     =======================THE END================
Người đăng: vào lúc Không có nhận xét nào:
Đăng ký: Bài đăng (Atom)