Thứ Sáu, 25 tháng 11, 2011

CONFIGURE LABSW FINAL1 (Etherchannel, Trunk, Native Vlan...)

CONFIGURE LABSW FINAL1
1, BASIC CONFIGURE HOSTNAME, IP ADDRESS ACCORDING TO THE DIAGRAM
# AC1: Hostname, Etherchannel, Trunk, Native Vlan 100
# AC1 SPEED UP
# STEP 1: HOSTNAME AC1
      enable
    config terminal
    hostname AC1
    line console 0
    loggin synch
    no exec-timeout
    no ip domain-lookup
    line console 0
       privilege level 15
       no login
    line vty 0 4
       privilege level 15
       no login
    end
    wr
====================================================

# STEP 1: HOSTNAME DS1
      enable
    config terminal
    hostname DS1
    line console 0
    loggin synch
    no exec-timeout
    no ip domain-lookup
    line console 0
       privilege level 15
       no login
    line vty 0 4
       privilege level 15
       no login
    end
    wr
===================================================

# STEP 1: HOSTNAME DS2
      enable
    config terminal
    hostname DS2
    line console 0
    loggin synch
    no exec-timeout
    no ip domain-lookup
    line console 0
       privilege level 15
       no login
    line vty 0 4
       privilege level 15
       no login
    end
    wr
====================================================

# STEP 1: HOSTNAME CS1
      enable
    config terminal
    hostname CS1
    line console 0
    loggin synch
    no exec-timeout
    no ip domain-lookup
    line console 0
       privilege level 15
       no login
    line vty 0 4
       privilege level 15
       no login
    end
    wr
====================================================

# STEP 1: HOSTNAME CS2
      enable
    config terminal
    hostname CS2
    line console 0
    loggin synch
    no exec-timeout
    no ip domain-lookup
    line console 0
       privilege level 15
       no login
    line vty 0 4
       privilege level 15
       no login
    end
    wr
====================================================

# STEP 1: HOSTNAME SWSERVER
      enable
    config terminal
    hostname SWSERVER
    line console 0
    loggin synch
    no exec-timeout
    no ip domain-lookup
    line console 0
       privilege level 15
       no login
    line vty 0 4
       privilege level 15
       no login
    end
    wr
====================================================

# STEP 1: HOSTNAME GW1
      enable
    config terminal
    hostname GW1
    line console 0
    loggin synch
    no exec-timeout
    no ip domain-lookup
    line console 0
       privilege level 15
       no login
    line vty 0 4
       privilege level 15
       no login
    end
    wr
====================================================

# STEP 1: HOSTNAME GW2
      enable
    config terminal
    hostname GW2
    line console 0
    loggin synch
    no exec-timeout
    no ip domain-lookup
    line console 0
       privilege level 15
       no login
    line vty 0 4
       privilege level 15
       no login
    end
    wr
====================================================

# CS1: CONFIGURE IP ADDRESS
    config terminal
      interface f0/12
         no switchport
         ip address 192.168.40.1 255.255.255.0
         no shutdown
        exit
      interface f0/13
         no switchport
         ip address 10.10.10.1 255.255.255.0
         no shutdown
        exit
      interface f0/14
         no switchport
         ip address 192.168.100.1 255.255.255.0
         no shutdown
        exit
      interface f0/15
         no switchport
         ip address 192.168.10.1 255.255.255.0
         no shutdown
        end
        wr
=====================================================

# CS2: CONFIGURE IP ADDRESS
    config terminal
      interface f0/12
         no switchport
         ip address 192.168.50.1 255.255.255.0
         no shutdown
        exit
      interface f0/13
         no switchport
         ip address 20.20.20.1 255.255.255.0
         no shutdown
        exit
      interface f0/14
         no switchport
         ip address 192.168.100.2 255.255.255.0
         no shutdown
        exit
      interface f0/15
         no switchport
         ip address 192.168.20.1 255.255.255.0
         no shutdown
        end
        wr
=====================================================

# GW1: CONFIGURE IP ADDRESS
    config terminal
      interface f0/1
         ip address 10.10.10.2 255.255.255.0
         no shutdown
        exit
      interface f0/0
         ip address dhcp
         no shutdown
        end
        wr
====================================================

# GW2: CONFIGURE IP ADDRESS
    config terminal
      interface f0/1
         ip address 20.20.20.2 255.255.255.0
         no shutdown
        exit
      interface f0/0
         ip address dhcp
         no shutdown
        end
        wr
====================================================

2, DS1; DS2; AC1 CONFIGURE ETHERCHANNEL; TRUNK; NATIVLAN 100; VTP; STP
# STEP 2: IP ADDRESS; ETHERCHANNEL; TRUNK; NATIVE VLAN 100
# DS1: IP address; Etherchannel, Trunk, Native Vlan 100
    config terminal
      interface f0/13
         no switchport
         ip address 192.168.30.1 255.255.255.0
         no shutdown
        exit
      interface f0/12
         no switchport
         ip address 192.168.10.2 255.255.255.0
         no shutdown
        exit
      interface f0/11
         no switchport
         ip address 192.168.50.2 255.255.255.0
         no shutdown
        exit
          interface range f0/14 - 15
            channel-group 1 mode on
           exit
          interface port-channel 1
            switchport trunk encapsulation dot1q
            switchport mode trunk
            switchport trunk native vlan 100
            switchport trunk allowed vlan except 100
          end
      wr
====================================================

# DS2: IP address; Etherchannel, Trunk, Native Vlan 100
    config terminal
      interface f0/14
         no switchport
         ip address 192.168.30.2 255.255.255.0
         no shutdown
        exit
      interface f0/15
         no switchport
         ip address 192.168.20.2 255.255.255.0
         no shutdown
        exit
      interface f0/11
         no switchport
         ip address 192.168.40.2 255.255.255.0
         no shutdown
        exit
          interface range f0/12 - 13
            channel-group 2 mode on
           exit
          interface port-channel 2
            switchport trunk encapsulation dot1q
            switchport mode trunk
            switchport trunk native vlan 100
            switchport trunk allowed vlan except 100
          end
      wr
====================================================

# AC1: IP address; Etherchannel, Trunk, Native Vlan 100
    config terminal
          interface range f0/14 - 15
            channel-group 1 mode on
           exit
          interface port-channel 1
            switchport trunk encapsulation dot1q
            switchport mode trunk
            switchport trunk native vlan 100
            switchport trunk allowed vlan except 100
           exit
          interface range f0/12 - 13
            channel-group 2 mode on
           exit
          interface port-channel 2
            switchport trunk encapsulation dot1q
            switchport mode trunk
            switchport trunk native vlan 100
            switchport trunk allowed vlan except 100
          end
      wr
====================================================
# Testing Etherchannel, Trunk
# show interface trunk
# show etherchannel summary
=====================================================

# STEP 3: CONFIGURE VTP; VLAN
# DS1: VTPserver, Vlan
    vlan database
       vtp domain newstar
       vtp password newstar
           vtp server
       vlan 10
       vlan 20
       vlan 30
       vlan 40
         exit
    config terminal
          vtp file nvram:vlan.dat
     end
     wr
=================================================
# DS2: VTPserver, Vlan
    vlan database
       vtp domain newstar
       vtp password newstar
           vtp server
       vlan 10
       vlan 20
       vlan 30
       vlan 40
         exit
    config terminal
          vtp file nvram:vlan.dat
     end
     wr
=================================================

# AC1: VTP Client
    vlan database
       vtp domain newstar
       vtp password newstar
        vtp client
      exit
     config terminal
       vtp file nvram:vlan.dat
      end
      wr
=================================================

# AC1: Switchport access vlan
    config terminal
      interface range f0/0 - 2
         switchport mode access
         switchport access vlan 10
        exit
      interface range f0/3 - 5
         switchport mode access
         switchport access vlan 20
        exit
      interface range f0/6 - 8
         switchport mode access
         switchport access vlan 30
        exit
      interface range f0/9 - 11
         switchport mode access
         switchport access vlan 40
        exit
      interface range f0/0 - 11
        spanning-tree portfast
        no shutdown
         end
     wr
==============================================

# STEP 4: CONFIGURE STP
# DS1: STP is Root   
    config terminal
        spanning-tree vlan 10 root primary
        spanning-tree vlan 20 root primary
        spanning-tree vlan 30 root primary
        spanning-tree vlan 40 root primary
     end
     wr
===============================================

# DS2: STP is Secondary
    config terminal
        spanning-tree vlan 10 root secondary
        spanning-tree vlan 20 root secondary
        spanning-tree vlan 30 root secondary
        spanning-tree vlan 40 root secondary
     end
     wr
===============================================

# STEP 5: CONFIGURE HSRP; IP ADDRESS VLAN
# DS1: HSRP
    config terminal
       interface vlan 10
       ip address 172.16.10.1 255.255.255.0
       standby 10 ip 172.16.10.254
       no shutdown
      exit
       interface vlan 20
       ip address 172.16.20.1 255.255.255.0
       standby 20 ip 172.16.20.254
       no shutdown
      exit
       interface vlan 30
       ip address 172.16.30.1 255.255.255.0
       standby 30 ip 172.16.30.254
       no shutdown
      exit
       interface vlan 40
       ip address 172.16.40.1 255.255.255.0
       standby 40 ip 172.16.40.254
       no shutdown
      end
      wr
===================================================

# DS2: HSRP
    config terminal
       interface vlan 10
       ip address 172.16.10.2 255.255.255.0
       standby 10 ip 172.16.10.254
       no shutdown
      exit
       interface vlan 20
       ip address 172.16.20.2 255.255.255.0
       standby 20 ip 172.16.20.254
       no shutdown
      exit
       interface vlan 30
       ip address 172.16.30.2 255.255.255.0
       standby 30 ip 172.16.30.254
       no shutdown
      exit
       interface vlan 40
       ip address 172.16.40.2 255.255.255.0
       standby 40 ip 172.16.40.254
       no shutdown
      end
      wr
===================================================

# STEP 6: DS1 IS ACTIVE VLAN 10; 20; DS2 IS ACTIVE 30; 40
# DS1: is active for Vlan 10;20
    config terminal
       interface vlan 10
       standby 10 preempt
       standby 10 priority 110
      exit
       interface vlan 20
       standby 20 preempt
       standby 20 priority 110
      end
      wr
===================================================

# DS2: is active for Vlan 30;40
    config terminal
       interface vlan 30
       standby 30 preempt
       standby 30 priority 110
      exit
       interface vlan 40
       standby 40 preempt
       standby 40 priority 110
      end
      wr
===================================================
# Testing HSRP
# show standby brief
===================================================
# STEP 7: CS1; CS2 CONFIGURE HSRP
# CS1: HSRP
    config terminal
       interface f0/14
       standby 1 ip 192.168.100.254
      end
     wr
===================================================

# CS2: HSRP
    config terminal
       interface f0/14
       standby 1 ip 192.168.100.254
      end
     wr
===================================================
# Testing HSRP
# show standby brief
===================================================

3, ROUTING WITH OSPF GUARANTEE CONVERGE NETWORK
# STEP 8: CS1;CS2; DS1;DS2;GW1;GW2 CONFIGURE ROUTING
# CS1: ROUTING WITH OSPF
    config terminal
      router ospf 1
        network 192.168.10.0 0.0.0.255 area 0
        network 192.168.40.0 0.0.0.255 area 0
        network 192.168.100.0 0.0.0.255 area 0
        network 10.10.10.0 0.0.0.255 area 0
      end
      wr
===================================================

# CS2: ROUTING WITH OSPF
    config terminal
      router ospf 1
        network 192.168.20.0 0.0.0.255 area 0
        network 192.168.50.0 0.0.0.255 area 0
        network 192.168.100.0 0.0.0.255 area 0
        network 20.20.20.0 0.0.0.255 area 0
      end
      wr
===================================================

# DS1: ROUTING WITH OSPF
    config terminal
      router ospf 1
        network 192.168.10.0 0.0.0.255 area 0
        network 192.168.50.0 0.0.0.255 area 0
        network 192.168.30.0 0.0.0.255 area 0
        network 172.16.10.0 0.0.0.255 area 0
        network 172.16.20.0 0.0.0.255 area 0
        network 172.16.30.0 0.0.0.255 area 0
        network 172.16.40.0 0.0.0.255 area 0
      end
      wr
===================================================

# DS2: ROUTING WITH OSPF
    config terminal
      router ospf 1
        network 192.168.20.0 0.0.0.255 area 0
        network 192.168.40.0 0.0.0.255 area 0
        network 192.168.30.0 0.0.0.255 area 0
        network 172.16.10.0 0.0.0.255 area 0
        network 172.16.20.0 0.0.0.255 area 0
        network 172.16.30.0 0.0.0.255 area 0
        network 172.16.40.0 0.0.0.255 area 0
      end
      wr
===================================================

# GW1: ROUTING WITH OSPF
    config terminal
      router ospf 1
        network 10.10.10.0 0.0.0.255 area 0
       end
       wr
====================================================
# GW2: ROUTING WITH OSPF
    config terminal
      router ospf 1
        network 20.20.20.0 0.0.0.255 area 0
       end
       wr
====================================================
# Testing ROUTING
# show ip route
===================================================

# STEP 9: CONFIGURE GW1;GW2 TO ALL PC GO TO INTERNET
# GW1: PAT TO GO TO INTERNET
    config terminal
       access-list 1 permit any
       ip nat inside source list 1 interface f0/0 overload
       interface f0/0
       ip nat outside
      exit
       interface f0/1
       ip nat inside
      end
      wr
====================================================

# GW2: PAT TO GO TO INTERNET
    config terminal
       access-list 1 permit any
       ip nat inside source list 1 interface f0/0 overload
       interface f0/0
       ip nat outside
      exit
       interface f0/1
       ip nat inside
      end
      wr
====================================================

# STEP 10: CONFIGURE GW1;GW2 TO ADVERTISMENT DEFAULT ROUTE
# GW1: ADVERTISMENT DEFAULT ROUTE
    config terminal
       router ospf 1
         default-information originate
       end
       wr
=====================================================

# GW2: ADVERTISMENT DEFAULT ROUTE
    config terminal
       router ospf 1
         default-information originate
       end
       wr
======================================================

# STEP 11: DS1; DS2 CONFIGURE PASSIVE-INTERFACE
# DS1: PASSIVE-INTERFACE
     config terminal
       router ospf 1
             passive-interface default
             no passive-interface f0/12
         no passive-interface f0/11
         no passive-interface f0/13
           end
        wr
=====================================================

# DS2: PASSIVE-INTERFACE
     config terminal
       router ospf 1
             passive-interface default
             no passive-interface f0/15
         no passive-interface f0/11
         no passive-interface f0/14
           end
        wr
====================================================

# STEP 12: DS1; DS2 CONFIGURE IP HELPER-ADDRESS
# DS1: ip helper-address
    config terminal
       interface vlan 10
         ip helper-address 192.168.100.253
       exit
       interface vlan 20
         ip helper-address 192.168.100.253
       exit
       interface vlan 30
         ip helper-address 192.168.100.253
       exit
       interface vlan 40
         ip helper-address 192.168.100.253
       end
       wr
====================================================

# DS2: ip helper-address
    config terminal
       interface vlan 10
         ip helper-address 192.168.100.253
       exit
       interface vlan 20
         ip helper-address 192.168.100.253
       exit
       interface vlan 30
         ip helper-address 192.168.100.253
       exit
       interface vlan 40
         ip helper-address 192.168.100.253
       end
       wr
====================================================

# STEP 13: CONFIGURE DHCP SERVER ON 2K3
# DHCP server 2k3
Create Scope Vlan10 (create pool)
Ip address range: 172.16.10.50-172.16.10.100
Default gateway: 172.16.10.254
DNS servers: 8.8.8.8

Create Scope Vlan20 (create pool)
Ip address range: 172.16.20.50-172.16.20.100
Default gateway: 172.16.20.254
DNS servers: 8.8.8.8

Create Scope Vlan30 (create pool)
Ip address range: 172.16.30.50-172.16.30.100
Default gateway: 172.16.30.254
DNS servers: 8.8.8.8

Create Scope Vlan40 (create pool)
Ip address range: 172.16.40.50-172.16.40.100
Default gateway: 172.16.40.254
DNS servers: 8.8.8.8
====================================================

CONFIGURE DOT1X (Enable AAA; configure RADIUS server;enable 802.1x globally; configure interface for 802.1x; define local user authentication)
1, BASIC CONFIGURE HOSTNAME
# SW1 SPEED UP
# STEP 1: HOSTNAME SW1
      enable
    config terminal
    hostname SW1
    line console 0
    loggin synch
    no exec-timeout
    no ip domain-lookup
    line console 0
       privilege level 15
       no login
    line vty 0 4
       privilege level 15
       no login
    end
    wr
=============================================

# STEP 2: ASSING IP ADDRESS FOR INTERFACE VLAN1; USERNAME, PASSWORD
    config terminal
      username admin password 123
      interface vlan 1
        ip address 192.168.100.1 255.255.255.0
       end
      wr
==============================================

# STEP 3: (Enable AAA; configure RADIUS server;enable 802.1x globally; configure interface for 802.1x; define local user authentication)
    config terminal
       aaa new-model
       radius-server host 192.168.100.253 key 123456
       aaa authentication dot1x defaul group radius
       aaa authorization network default group radius
       dot1x system-auth-control
     interface range f0/1 - 23
       switchport mode access
       dot1x port-control auto
     end
     wr
=========================================================================

# STEP 4: CONFIGURE VLAN
    config terminal
          vlan 10,20,30,40
     end
     wr
======================================================

# CONFIGURE CISCOSECURE ACS
# Configure AAA Server
# AAA Server Name: Server; # AAA Server IP Address: 192.168.100.253
# Configure AAA Client Hostname
# AAA AAA Client Hostname: client; # AAA Client IP Address: 192.168.100.1
# Create UserSetup: u1; u2; u3; u4. pass: 12345678
# Create GroupSetup: Vlan 10; Vlan 20; Vlan 30; Vlan 40 -> Editseting
===============================================================
# STEP 5: Test
# test aaa group radius server 192.168.100.253 u1 12345678 legacy
===========================================
====================THE END================


Người đăng: vào lúc Không có nhận xét nào:

Thứ Hai, 21 tháng 11, 2011

CONFIG MPLS VPN L3 (EIGRP PE CE)

CONFIG MPLS VPN L3 (EIGRP PE CE)

1, BASIC CONFIG, HOSTNAME, IP ADDRESS ACCORDING TO THE DIAGRAM.
# R3_P SPEED UP
# STEP 1: HOSTNAME R3_P
      enable
config terminal
hostname R3_P
line console 0
loggin synch
no exec-timeout
no ip domain-lookup
line console 0
  privilege level 15
  no login
line vty 0 4
  privilege level 15
  no login
end
wr
==================================

# STEP 1: HOSTNAME R2_PE
      enable
config terminal
hostname R2_PE
line console 0
loggin synch
no exec-timeout
no ip domain-lookup
line console 0
  privilege level 15
  no login
line vty 0 4
  privilege level 15
  no login
end
wr
===================================

# STEP 1: HOSTNAME R4_PE
      enable
config terminal
hostname R4_PE
line console 0
loggin synch
no exec-timeout
no ip domain-lookup
line console 0
  privilege level 15
  no login
line vty 0 4
  privilege level 15
  no login
end
wr
=========================================

# STEP 1: HOSTNAME R1_CE
      enable
config terminal
hostname R1_CE
line console 0
loggin synch
no exec-timeout
no ip domain-lookup
line console 0
  privilege level 15
  no login
line vty 0 4
  privilege level 15
  no login
end
wr
=========================================

# STEP 1: HOSTNAME R5_CE
      enable
config terminal
hostname R5_CE
line console 0
loggin synch
no exec-timeout
no ip domain-lookup
line console 0
  privilege level 15
  no login
line vty 0 4
  privilege level 15
  no login
end
wr
========================================

# STEP 1: HOSTNAME R6_CE
      enable
config terminal
hostname R6_CE
line console 0
loggin synch
no exec-timeout
no ip domain-lookup
line console 0
  privilege level 15
  no login
line vty 0 4
  privilege level 15
  no login
end
wr
============================================

# STEP 1: HOSTNAME R7_CE
      enable
config terminal
hostname R7_CE
line console 0
loggin synch
no exec-timeout
no ip domain-lookup
line console 0
  privilege level 15
  no login
line vty 0 4
  privilege level 15
  no login
end
wr
=========================================

# STEP2: ASSIGN IP ADDRESS AND LOOPBACKS
# R3_P ASSIGN IP ADDRESS 
     config terminal
interface s0/0
           ip address 192.168.23.3 255.255.255.0
  no shutdown
interface s0/1
           ip address 192.168.34.3 255.255.255.0
  no shutdown
end
wr
=============================================

# R2_PE ASSIGN IP ADDRESS AND LOOPBACKS
     config terminal
interface s0/2
           ip address 192.168.23.2 255.255.255.0
  no shutdown
interface s0/1
           ip address 192.168.26.2 255.255.255.0
  no shutdown
interface s0/0
           ip address 192.168.12.2 255.255.255.0
  no shutdown
interface loopback0
           ip address 2.2.2.2 255.255.255.255
  no shutdown
end
wr
=================================================

# R4_PE ASSIGN IP ADDRESS AND LOOPBACKS
     config terminal
interface s0/1
           ip address 192.168.34.4 255.255.255.0
  no shutdown
interface s0/2
           ip address 192.168.47.4 255.255.255.0
  no shutdown
interface s0/0
           ip address 192.168.45.4 255.255.255.0
  no shutdown
interface loopback0
           ip address 4.4.4.4 255.255.255.255
  no shutdown
end
wr
======================================================

# R1_CE ASSIGN IP ADDRESS AND LOOPBACKS
     config terminal
interface s0/0
           ip address 192.168.12.1 255.255.255.0
  no shutdown
interface loopback0
           ip address 1.1.1.1 255.255.255.0
  no shutdown
end
wr
======================================================

# R5_CE ASSIGN IP ADDRESS AND LOOPBACKS
     config terminal
interface s0/0
           ip address 192.168.45.5 255.255.255.0
  no shutdown
interface loopback0
           ip address 5.5.5.5 255.255.255.0
  no shutdown
end
wr
=====================================================

# R6_CE ASSIGN IP ADDRESS AND LOOPBACKS
     config terminal
interface s0/1
           ip address 192.168.26.6 255.255.255.0
  no shutdown
interface loopback0
           ip address 6.6.6.6 255.255.255.0
  no shutdown
end
wr
=======================================================

# R7_CE ASSIGN IP ADDRESS AND LOOPBACKS
     config terminal
interface s0/2
           ip address 192.168.47.7 255.255.255.0
  no shutdown
interface loopback0
           ip address 7.7.7.7 255.255.255.0
  no shutdown
end
wr
=========================================================

# STEP 3: ROUTING WITH OSPF IN CORE NETWORK PROVIDE
# R3_P ROUTING WITH OSPF 1
      config terminal
         router ospf 1
            network 192.168.23.0 0.0.0.255 area 0
            network 192.168.34.0 0.0.0.255 area 0
         end
       wr
========================================================

# R2_PE ROUTING WITH OSPF 1
      config terminal
         router ospf 1
            network 192.168.23.0 0.0.0.255 area 0
            network 2.2.2.2 0.0.0.0 area 0
         end
       wr
========================================================

# R4_PE ROUTING WITH OSPF 1
      config terminal
         router ospf 1
            network 192.168.34.0 0.0.0.255 area 0
            network 4.4.4.4 0.0.0.0 area 0
         end
       wr
=========================================================

# STEP 4: CONFIGURE MPLS IN CORE NETWORK PROVIDE
# R3_P CONFIGURE MPLS
      config terminal
         interface s0/0
            mpls label protocol ldp
            mpls ip
         interface s0/1
            mpls label protocol ldp
            mpls ip
          end
         wr
=====================================================

# R2_PE CONFIGURE MPLS
      config terminal
         interface s0/2
            mpls label protocol ldp
            mpls ip
          end
         wr
======================================================

# R4_PE CONFIGURE MPLS
      config terminal
         interface s0/1
            mpls label protocol ldp
            mpls ip
          end
         wr
======================================================
# Testing table routing, LIB, LFIB, CEF
# show ip route
# show mpls ldp neighbor
# show mpls forwarding-table (LFIB)
# show mpls ldp bindings (FIB)
# show ip cef 
========================================================

2, CREATED BY CORRESPONDING VRF FOR EACH CUSTOMER ON ROUTER PE 
# STEP 5: ON ROUTER PE CREATED BY CORRESPONDING VRF FOR EACH CUSTOMER  
# SITE A 
# R2_PE 
     config terminal
ip vrf siteA
 rd 15:15
 route-target export 1:1
 route-target import 5:5
end
wr
=========================================================

# R4_PE 
     config terminal
ip vrf siteA
 rd 15:15
 route-target export 5:5
 route-target import 1:1
end
wr
============================================================
 
# SITE B 
# R2_PE 
     config terminal
ip vrf siteB
 rd 67:67
 route-target export 6:6
 route-target import 7:7
end
wr
=========================================================

# R4_PE 
     config terminal
ip vrf siteB
 rd 67:67
 route-target export 7:7
 route-target import 6:6
end
wr
============================================================
# Testing table VRF on R2_PE; R4_PE
# show ip vrf
============================================================

# STEP 6: ASSOCIATE TABLE VRF WITH INTERFACE OF EACH CUSTOMER 
# SITE A 
# R2_PE 
     config terminal
interface s0/0
 ip vrf forwarding siteA
 ip address 192.168.12.2 255.255.255.0
end
wr
===================================================

# R4_PE
     config terminal
interface s0/0
 ip vrf forwarding siteA
 ip address 192.168.45.4 255.255.255.0
end
wr
===================================================

# SITE B 
# R2_PE 
     config terminal
interface s0/1
 ip vrf forwarding siteB
 ip address 192.168.26.2 255.255.255.0
end
wr
===================================================

# R4_PE 
     config terminal
interface s0/2
 ip vrf forwarding siteB
 ip address 192.168.47.4 255.255.255.0
end
wr
===================================================
# Testing routing VRF and ping on R2_PE; R4_PE
# show ip route vrf siteA
# ping vrf siteA 192.168.12.1
# show ip route vrf siteB
# ping vrf siteB 192.168.45.5
====================================================

3 ROUTING WITH EIGRP BETWEEN PE AND CE 
# STEP7: CONFIGURE ON ROUTER PE OF PROVIDE
# R2_PE SITE A
      config terminal
        router eigrp 1
 address-family ipv4 vrf siteA
   network 192.168.12.0
   no auto-summary
   autonomous-system 101
   redistribute bgp 24 metric 1000 100 255 1 1500
 end
wr
===========================================================
 
# R4_PE SITE A
      config terminal
        router eigrp 1
 address-family ipv4 vrf siteA
   network 192.168.45.0
   no auto-summary
   autonomous-system 101
   redistribute bgp 24 metric 1000 100 255 1 1500
 end
wr
===========================================================

# R2_PE SITE B
      config terminal
        router eigrp 1
 address-family ipv4 vrf siteB
   network 192.168.26.0
   no auto-summary
   autonomous-system 201
   redistribute bgp 24 metric 1000 100 255 1 1500
 end
wr
===========================================================

# R4_PE SITE B
      config terminal
        router eigrp 1
 address-family ipv4 vrf siteB
   network 192.168.47.0
   no auto-summary
   autonomous-system 202
   redistribute bgp 24 metric 1000 100 255 1 1500
 end
wr
===========================================================

# STEP8: CONFIGURE ON ROUTER CE OF CUSTOMER
# R1_CE
     config terminal
        router eigrp 101
network 192.168.12.0
network 1.1.1.0
no auto-summary
      end
      wr
===========================================================

# R5_CE
     config terminal
        router eigrp 101
network 192.168.45.0
network 5.5.5.0
no auto-summary
      end
      wr
============================================================

# R6_CE
     config terminal
        router eigrp 201
network 192.168.26.0
network 6.6.6.0
no auto-summary
      end
      wr
============================================================

# R7_CE
     config terminal
        router eigrp 202
network 192.168.47.0
network 7.7.7.0
no auto-summary
      end
      wr
==========================================================
# Testing establish VRF neighborly relations on R2_PE, R4_PE
# show ip eigrp vrf siteA neighbors
# show ip eigrp vrf siteB neighbors
# Test establish neighborly relations on R1_CE, R5_CE, R6_CE, R7_CE
# show ip eigrp neighbors 
==========================================================

4 ROUTING WITH MP-BGP BETWEEN PE AND PE 
# STEP8: ESTABLISH NEIGHBOR RELATION MP-BGP BETWEEN R2_PE AND R4_PE
# R2_PE
     config terminal
router bgp 24
 neighbor 4.4.4.4 remote-as 24
          neighbor 4.4.4.4 update-source loopback 0
end
wr
==========================================================

# R4_PE
     config terminal
router bgp 24
 neighbor 2.2.2.2 remote-as 24
          neighbor 2.2.2.2 update-source loopback 0
end
wr
=========================================================
# Testing establish BGP neighborly relations on R2_PE, R4_PE
# show ip bgp summary
=========================================================

5 CONFIGURE VPNv4 ADDRESS-FAMILY 
# STEP9: CONFIGURE VPNv4 ADDRESS-FAMILY 
# R2_PE
     config terminal
router bgp 24
 address-family vpnv4
          neighbor 4.4.4.4 activate
end
wr
=========================================================

# R4_PE
     config terminal
router bgp 24
 address-family vpnv4
          neighbor 2.2.2.2 activate
end
wr
=========================================================

6 CONFIGURE IPv4 ADDRESS-FAMILY
# STEP10: CONFIGURE IPv4 ADDRESS-FAMILY 
# R2_PE siteA
     config terminal
router bgp 24
 address-family ipv4 vrf siteA
          redistribute eigrp 101
end
wr
=========================================================

# R4_PE siteA
     config terminal
router bgp 24
 address-family ipv4 vrf siteA
          redistribute eigrp 101
end
wr
==========================================================

# R2_PE siteB
     config terminal
router bgp 24
 address-family ipv4 vrf siteB
          redistribute eigrp 201
end
wr
=========================================================

# R2_PE siteB
     config terminal
router bgp 24
 address-family ipv4 vrf siteB
          redistribute eigrp 202
end
wr
==========================================================
     =======================THE END================
Người đăng: vào lúc Không có nhận xét nào:

Thứ Năm, 3 tháng 11, 2011

FinalLabSW-CCNP


CONFIG FINAL LAB SW
# DS1: Hostname, Etherchannel, Trunk, Native Vlan 100
# DS1: Hostname
enable
config terminal
hostname DS1
line console 0
loggin synch
no exec-timeout
no ip domain-lookup
end

# DS1: Etherchannel, Trunk, Native Vlan 100
config terminal
interface range f0/14 - 15
channel-group 1 mode on
exit
interface port-channel 1
switchport trunk encapsulation dot1q
switchport mode trunk
switchport trunk native vlan 100
switchport trunk allowed vlan except 100
exit
interface range f0/12 - 13
switchport trunk encapsulation dot1q
switchport mode trunk
switchport trunk native vlan 100
switchport trunk allowed vlan except 100
exit
interface f0/11
switchport mode access
switchport access vlan 172
no shutdown
end

# DS1: VTPserver, Vlan
vlan database
vtp domain newstar
vtp password newstar
vtp server
vlan 2
vlan 3
vlan 10
vlan 100
vlan 172
vlan 192
exit
config terminal
vtp file nvram:vlan.dat
end
===========================

# DS2: Hostname, Etherchannel, Trunk, Native Vlan 100
# DS2: Hostname
enable
config terminal
hostname DS2
line console 0
loggin synch
no exec-timeout
no ip domain-lookup
end

# DS2: Etherchannel, Trunk, Native Vlan 100
config terminal
interface range f0/14 - 15
channel-group 1 mode on
exit
interface port-channel 1
switchport trunk encapsulation dot1q
switchport mode trunk
switchport trunk native vlan 100
switchport trunk allowed vlan except 100
exit
interface range f0/12 - 13
switchport trunk encapsulation dot1q
switchport mode trunk
switchport trunk native vlan 100
switchport trunk allowed vlan except 100
exit
interface f0/11
switchport mode access
switchport access vlan 172
no shutdown
end

# DS2: VTPserver, Vlan
vlan database
vtp domain newstar
vtp password newstar
vtp server
vlan 2
vlan 3
vlan 10
vlan 100
vlan 172
vlan 192
exit
config terminal
vtp file nvram:vlan.dat
end
======================================

# AC1: VTP Client, Trunk, Native vlan 100
# AC1: Hostname
enable
config terminal
hostname AC1
line console 0
loggin synch
no exec-timeout
no ip domain-lookup
end

# AC1: Trunk, Native Vlan 100
config terminal
interface f0/12
switchport trunk encapsulation dot1q
switchport mode trunk
switchport trunk native vlan 100
switchport trunk allowed vlan except 100
exit
interface f0/13
switchport trunk encapsulation dot1q
switchport mode trunk
switchport trunk native vlan 100
switchport trunk allowed vlan except 100
end

# AC1: VTPClient
vlan database
vtp domain newstar
vtp password newstar
vtp client
exit
config terminal
vtp file nvram:vlan.dat
end

# AC1: Switchport access vlan
config terminal
interface range f0/0 - 4
switchport mode access
switchport access vlan 2
exit
interface range f0/5 - 10
switchport mode access
switchport access vlan 3
exit
interface range f0/0 - 10
spanning-tree portfast
no shutdown
end
=========================

# SSW: VTP transparent, Trunk, Native vlan 100
# SSW: Hostname
enable
config terminal
hostname SSW
line console 0
loggin synch
no exec-timeout
no ip domain-lookup
end

# SSW: Trunk, Native vlan 100
config terminal
interface f0/12
switchport trunk encapsulation dot1q
switchport mode trunk
switchport trunk native vlan 100
switchport trunk allowed vlan except 100
exit
interface f0/13
switchport trunk encapsulation dot1q
switchport mode trunk
switchport trunk native vlan 100
switchport trunk allowed vlan except 100
end

# SSW: VTP Transparent
vlan database
vtp domain newstar
vtp password newstar
vtp transparent
exit
config terminal
vtp file nvram:vlan.dat
end

# SSW: Create Vlan 192
vlan database
vlan 192
exit

# SSW: f0/15 access vlan 192
config terminal
interface f0/15
switchport mode access
switchport access vlan 192
no shutdown
end
==============================

# GSW: VTP transparent, Trunk, Native vlan 100
# GSW: Hostname
enable
config terminal
hostname GSW
line console 0
loggin synch
no exec-timeout
no ip domain-lookup
end

# GSW: Create Vlan 172
vlan database
vlan 172
exit

# GSW: Switchport access vlan
config terminal
interface f0/14
switchport mode access
switchport access vlan 172
no shutdown
exit
interface f0/15
switchport mode access
switchport access vlan 172
no shutdown
exit
interface f0/13
switchport mode access
switchport access vlan 172
no shutdown
end

# GSW: VTP Transparent
vlan database
vtp domain newstar
vtp password newstar
vtp transparent
exit
config terminal
vtp file nvram:vlan.dat
end
=============================

# DS1: STP is Root
config terminal
spanning-tree vlan 2 root primary
spanning-tree vlan 3 root primary
spanning-tree vlan 10 root primary
spanning-tree vlan 172 root primary
spanning-tree vlan 192 root primary
end
==============================

# DS2: STP is Secondary
config terminal
spanning-tree vlan 2 root secondary
spanning-tree vlan 3 root secondary
spanning-tree vlan 10 root secondary
spanning-tree vlan 172 root secondary
spanning-tree vlan 192 root secondary
end
================================

# Configuration HSRP; IP address for interface Vlan
# DS1: HSRP, IP address
config terminal
interface vlan 2
ip address 2.2.2.1 255.255.255.0
standby 1 ip 2.2.2.254
no shutdown
exit
interface vlan 3
ip address 3.3.3.1 255.255.255.0
standby 1 ip 3.3.3.254
no shutdown
exit
interface vlan 192
ip address 192.168.1.1 255.255.255.0
standby 1 ip 192.168.1.254
no shutdown
exit
interface vlan 10
ip address 10.10.10.1 255.255.255.0
no shutdown
exit
interface vlan 172
ip address 172.16.1.1 255.255.255.0
no shutdown
end
wr
===============================

# DS1: is active for Vlan 2, 3, 192
config terminal
interface vlan 2
standby 1 preempt
standby 1 priority 110
exit
interface vlan 3
standby 1 preempt
standby 1 priority 110
exit
interface vlan 192
standby 1 preempt
standby 1 priority 110
end
wr
===============================

# DS2: is standby for Vlan 2, 3, 192
config terminal
interface vlan 2
standby 1 preempt
exit
interface vlan 3
standby 1 preempt
exit
interface vlan 192
standby 1 preempt
end
wr
==================================

# When F0/11 of DS1 is down then DS2 is active
config terminal
interface vlan 2
standby 1 track f0/11 30
exit
interface vlan 3
standby 1 track f0/11 30
exit
interface vlan 192
standby 1 track f0/11 30
end
=============================================

# When F0/11 of DS1 is up then DS1 is active affter 30 seconds
config terminal
interface vlan 2
standby 1 preempt delay minimum 10
exit
interface vlan 3
standby 1 preempt delay minimum 30
exit
interface vlan 192
standby 1 preempt delay minimum 60
end
wr
========================================

# Configuration HSRP; IP address for interface Vlan
# DS2: HSRP, IP address
config terminal
interface vlan 2
ip address 2.2.2.2 255.255.255.0
standby 1 ip 2.2.2.254
no shutdown
exit
interface vlan 3
ip address 3.3.3.2 255.255.255.0
standby 1 ip 3.3.3.254
no shutdown
exit
interface vlan 192
ip address 192.168.1.2 255.255.255.0
standby 1 ip 192.168.1.254
no shutdown
exit
interface vlan 10
ip address 10.10.10.2 255.255.255.0
no shutdown
exit
interface vlan 172
ip address 172.16.1.2 255.255.255.0
no shutdown
end
================================

# Routing with EIGRP AS100 for DS1, DS2, GW
# Routing with EIGRP AS100 for DS1
config terminal
router eigrp 100
network 2.2.2.0
network 3.3.3.0
network 10.10.10.0
network 172.16.1.0
network 192.168.1.0
no auto-summary
end
=============================

# Passive interface
# (DS1 is neighbor DS2 of Vlan 172; Vlan 2,3,20,192 is not)
config terminal
router eigrp 100
passive-interface default
no passive-interface vlan 172
end
wr
==============================

# Routing with EIGRP AS100 for DS2
config terminal
router eigrp 100
network 2.2.2.0
network 3.3.3.0
network 10.10.10.0
network 172.16.1.0
network 192.168.1.0
no auto-summary
end
===========================

# GW: Hostname, IP address
enable
config terminal
hostname GW
line console 0
loggin synch
no exec-timeout
no ip domain-lookup
end
config terminal
interface f0/1
ip address 172.16.1.253 255.255.255.0
no shutdown
exit
interface f0/0
ip address dhcp
no shutdown
end
wr
===========================

# Routing with EIGRP AS100 for GW
config terminal
router eigrp 100
network 172.16.1.0
no auto-summary
end
wr
==============================

# DHCP server 2k3
Create Scope Vlan2 (create pool)
Ip address range: 2.2.2.50-2.2.2.100
Default gateway: 2.2.2.254
DNS servers: 8.8.8.8
Create Scope Vlan3 (create pool)
Ip address range: 3.3.3.50-3.3.3.100
Default gateway: 3.3.3.254
DNS servers: 8.8.8.8
Routing and remote access
Static routes: 0.0.0.0 0.0.0.0 Gateway: 192.168.1.254
==============================

# DS1: ip helper-address
config terminal
interface vlan 2
ip helper-address 192.168.1.253
exit
interface vlan 3
ip helper-address 192.168.1.253
end
wr
====================================

# DS2: ip helper-address
config terminal
interface vlan 2
ip helper-address 192.168.1.253
exit
interface vlan 3
ip helper-address 192.168.1.253
end
wr
======================================

# GW: NAT overload guarantee all host of vlan 2, 3 go to internet
config terminal
interface f0/0
ip address dhcp
no shutdown
exit
access-list 1 permit any
ip nat inside source list 1 interface f0/0 overload
interface f0/0
ip nat outside
exit
interface f0/1
ip nat inside
end
wr
===========================

# GW: redistribute static (quang ba default route)
config terminal
router eigrp 100
redistribute static
end
wr
===========================
THE END
Người đăng: vào lúc Không có nhận xét nào:
Đăng ký: Bài đăng (Atom)