「大比武」1-战前规划

WechatIMG316

关键字:
摘要:

一 【二层网络】1.1-1.3(SW3~SW6)

//show interface status  看接口所属vlan
//show spanning-tree mst 0 看mstp端口状态
//show etherchannel summary 看port-channel的lacp

【SW3】
! SW3 layer-2 baseline: VLAN database, two routed-uplink access ports, LACP
! trunks toward SW4 (Po34) and SW5 (Po35), parked unused ports, MST root.
conf t
! VTP off: the VLAN database is local and is not learned from or sent to neighbours.
vtp mode off
vlan 173
vlan 34
vlan 156
vlan 153
vlan 911
vlan 999
vlan 100
exit

int e0/0
switchport mode access
switchport access vlan 156
int e0/1
switchport mode access
switchport access vlan 153
! Port-channel members are forced to static 802.1Q trunks (no negotiation of mode).
int range e1/0-1, e2/0-1
switchport trunk encapsulation dot1q
switchport mode trunk
! VLAN 1 is kept off the trunks. The range 2-4094 is wider than the VLANs
! created above. NOTE(review): confirm the task does not expect the list
! pruned to the VLANs in use.
switchport trunk allowed vlan 2-4094
exit

! Unused ports are parked in VLAN 999 and administratively shut down.
int range e0/2-3, e1/2-3, e2/2-3, e3/0-3
switchport mode access
switchport access vlan 999
shutdown
exit

! PortFast on every non-trunk port, with BPDU guard: a PortFast port that
! receives a BPDU is err-disabled instead of joining the spanning tree.
spanning-tree portfast default
spanning-tree portfast bpduguard default
! Forward syslog messages as SNMP traps.
snmp-server enable traps syslog
spanning-tree mode mst
! Region name and revision are the same on SW3-SW6 on this page; no VLAN is
! mapped to another instance, so everything stays in instance 0.
spanning-tree mst configuration
name Eccom
revision 1
exit
! Priority 0 is the lowest value, making SW3 the preferred root (SW4 uses 4096).
spanning-tree mst 0 priority 0

int port-channel 34
switchport
switchport trunk encapsulation dot1q
switchport mode trunk
switchport trunk allowed vlan 2-4094
exit
int port-channel 35
switchport
switchport trunk encapsulation dot1q
switchport mode trunk
switchport trunk allowed vlan 2-4094
exit
! LACP active on both bundles; SW5 answers in passive mode, SW4 in active.
int range e1/0-1
channel-group 35 mode active
int range e2/0-1
channel-group 34 mode active
exit
port-channel load-balance src-ip


【SW4】
! SW4 layer-2 baseline: VLAN database, two routed-uplink access ports, LACP
! trunks toward SW3 (Po34) and SW6 (Po46), parked unused ports, MST backup root.
conf t
! VTP off: the VLAN database is local and is not learned from or sent to neighbours.
vtp mode off
vlan 34
vlan 184
vlan 164
vlan 156
vlan 100
vlan 911
vlan 999
exit

int e0/0
switchport mode access
switchport access vlan 156
int e0/1
switchport mode access
switchport access vlan 164
! Port-channel members are forced to static 802.1Q trunks.
int range e1/0-1, e2/0-1
switchport trunk encapsulation dot1q
switchport mode trunk
! VLAN 1 is kept off the trunks; the range is wider than the VLANs created
! above. NOTE(review): confirm pruning to the VLANs in use is not expected.
switchport trunk allowed vlan 2-4094
exit

! Unused ports are parked in VLAN 999 and administratively shut down.
int range e0/2-3, e1/2-3, e2/2-3, e3/0-3
switchport mode access
switchport access vlan 999
shutdown
exit

! PortFast on every non-trunk port, with BPDU guard err-disabling any such
! port that receives a BPDU.
spanning-tree portfast default
spanning-tree portfast bpduguard default
! Forward syslog messages as SNMP traps.
snmp-server enable traps syslog

spanning-tree mode mst
! Same region name and revision as the other three switches on this page.
spanning-tree mst configuration
name Eccom
revision 1
exit
! 4096 is the next step above SW3's priority 0, so SW4 takes over as root if SW3 is lost.
spanning-tree mst 0 priority 4096

int port-channel 34
switchport
switchport trunk encapsulation dot1q
switchport mode trunk
switchport trunk allowed vlan 2-4094
exit
int port-channel 46
switchport
switchport trunk encapsulation dot1q
switchport mode trunk
switchport trunk allowed vlan 2-4094
exit
! LACP active on both bundles; SW6 answers in passive mode, SW3 in active.
int range e1/0-1
channel-group 46 mode active
int range e2/0-1
channel-group 34 mode active
exit
port-channel load-balance src-ip




【SW5】
! SW5 access-layer baseline: two access ports, one LACP trunk (Po35) to SW3,
! every other port parked and shut.
conf t
! VTP off: the VLAN database is local only.
vtp mode off
vlan 173
vlan 100
vlan 911
vlan 999
exit

int e0/0
switchport mode access
switchport access vlan 173
int e0/1
switchport mode access
switchport access vlan 100
int range e1/0-1
switchport trunk encapsulation dot1q
switchport mode trunk
! VLAN 1 is kept off the trunk; the range is wider than the VLANs created above.
switchport trunk allowed vlan 2-4094
exit
! Unused ports are parked in VLAN 999 and administratively shut down.
int range e0/2-3, e1/2-3, e2/0-3, e3/0-3
switchport mode access
switchport access vlan 999
shutdown
exit

! PortFast on every non-trunk port, with BPDU guard err-disabling any such
! port that receives a BPDU.
spanning-tree portfast default
spanning-tree portfast bpduguard default
! Forward syslog messages as SNMP traps.
snmp-server enable traps syslog
spanning-tree mode mst
! Same region name and revision as SW3/SW4; no MST priority is set here, so
! this switch does not compete with them for root.
spanning-tree mst configuration
name Eccom
revision 1
exit

int port-channel 35
switchport
switchport trunk encapsulation dot1q
switchport mode trunk
switchport trunk allowed vlan 2-4094
! LACP passive: the bundle forms because SW3 runs active mode on its side.
int range e1/0-1
channel-group 35 mode passive
exit







【SW6】
! SW6 access-layer baseline: two access ports, one LACP trunk (Po46) to SW4,
! every other port parked and shut.
conf t
! VTP off: the VLAN database is local only.
vtp mode off
vlan 100
vlan 184
vlan 911
vlan 999
exit

int e0/0
switchport mode access
switchport access vlan 184
int e0/1
switchport mode access
switchport access vlan 100
int range e1/0-1
switchport trunk encapsulation dot1q
switchport mode trunk
! VLAN 1 is kept off the trunk; the range is wider than the VLANs created above.
switchport trunk allowed vlan 2-4094
exit
! Unused ports are parked in VLAN 999 and administratively shut down.
int range e0/2-3, e1/2-3, e2/0-3, e3/0-3
switchport mode access
switchport access vlan 999
shutdown
exit

! PortFast on every non-trunk port, with BPDU guard err-disabling any such
! port that receives a BPDU.
spanning-tree portfast default
spanning-tree portfast bpduguard default
! Forward syslog messages as SNMP traps.
snmp-server enable traps syslog
spanning-tree mode mst
! Same region name and revision as SW3/SW4; no MST priority is set here.
spanning-tree mst configuration
name Eccom
revision 1
exit

int port-channel 46
switchport
switchport trunk encapsulation dot1q
switchport mode trunk
switchport trunk allowed vlan 2-4094
! LACP passive: the bundle forms because SW4 runs active mode on its side.
int range e1/0-1
channel-group 46 mode passive
exit

二 【OSPF】

//show ip int brief | in up   查已经up的接口
//show ip ospf neighbor 查看ospf邻居



//dataCenter R17、R18、Sw3、Sw4、R15、R16 network精确宣告,最后重启进程clear ip ospf process

先配4,3,再配 R18,17,16,15

【Sw4】
! Sw4 OSPF process 1, area 0. Every network statement uses a 0.0.0.0 wildcard,
! so each one enables OSPF on exactly one interface address.
conf t
router ospf 1
router-id 10.255.1.104
network 10.255.1.104 0.0.0.0 area 0
network 10.2.0.14 0.0.0.0 area 0
network 10.2.100.254 0.0.0.0 area 0
network 10.2.0.10 0.0.0.0 area 0
network 10.2.0.41 0.0.0.0 area 0
network 10.2.119.104 0.0.0.0 area 0
! Passive on VLAN 100 and VLAN 911: their subnets are still advertised, but no
! hellos are sent there, so nothing on those VLANs can form an adjacency.
passive-interface vlan 100
passive-interface vlan 911
end



【Sw3】
! Sw3 OSPF process 1, area 0. Every network statement uses a 0.0.0.0 wildcard,
! so each one enables OSPF on exactly one interface address.
conf t
router ospf 1
router-id 10.255.1.103
network 10.255.1.103 0.0.0.0 area 0
network 10.2.0.37 0.0.0.0 area 0
network 10.2.0.13 0.0.0.0 area 0
network 10.2.0.6 0.0.0.0 area 0
network 10.2.100.253 0.0.0.0 area 0
network 10.2.119.203 0.0.0.0 area 0
! Passive on VLAN 100 and VLAN 911: their subnets are still advertised, but no
! hellos are sent there, so nothing on those VLANs can form an adjacency.
passive-interface vlan 100
passive-interface vlan 911
end




【R18】
conf t
int range e0/0-1
no shut
exit
router ospf 1
router-id 10.255.1.18
int range lo0,e0/1
ip ospf 1 a 0
end





【R17】
conf t
router ospf 1
router-id 10.255.1.17
network 10.255.1.17 0.0.0.0 area 0
network 10.2.0.38 0.0.0.0 area 0
end





【R16】
conf t
router ospf 1
router-id 10.255.1.16
int range lo0,e0/0,e0/2
ip ospf 1 a 0
end




【R15】
conf t
router ospf 1
router-id 10.255.1.15
int range lo0,e0/0,e0/2
ip ospf 1 a 0
end



//左下角 headquarters network的Sw1、R11、R12 network精确宣告,Sw1为DR优先级255
Sw1:
conf t
vlan 100
vlan 101
exit
int vlan 101
ip ospf priority 255
exit
router ospf 1
router-id 10.255.1.101
int range lo0,vlan 100,vlan 101
ip ospf 1 a 0
exit


【R12】
conf t
router ospf 1
router-id 10.255.1.12
default-information originate always
int range lo0,e0/1
ip ospf 1 a 0
exit



【R11】
conf t
router ospf 1
router-id 10.255.1.11
default-information originate always
int range lo0,e0/1
ip ospf 1 a 0
exit


//中间最下面 Main Office network Sw2、R13、R14 network精确宣告,Sw2为DR优先级255
Sw2:
conf t
vlan 100
vlan 101
exit
int vlan 101
ip ospf priority 255
exit
router ospf 1
router-id 10.255.1.102
int range lo0,vlan 100,vlan 101
ip ospf 1 a 0
exit


【R14】
conf t
router ospf 1
router-id 10.255.1.14
default-information originate always
int range lo0,e0/1
ip ospf 1 a 0
exit


【R13】
conf t
router ospf 1
router-id 10.255.1.13
default-information originate always
int range lo0,e0/1
ip ospf 1 a 0
exit



//中间区域core network,全部不能用network宣告,在接口下宣告ip ospf 1 area 0,R1为DR优先级255,R2为BDR优先级254
// 从 R1 开始,10、8、6、4,都需要接口priority255,再到9、7、5、3,最后再 R2
【R1】
conf t
router ospf 1
router-id 10.255.1.1
exit
int range e0/0-3, e1/0
ip ospf priority 255
ip ospf 1 area 0
int loopback 0
ip ospf 1 area 0
exit


【R10】
conf t
int range e0/0-1
no shutdown
router ospf 1
router-id 10.255.1.10
int e0/0
ip ospf 1 area 0
ip ospf priority 255
int loopback 0
ip ospf 1 area 0
exit
router ospf 20
network 10.254.0.65 0.0.0.0 area 0

【R8】
conf t
router ospf 1
router-id 10.255.1.8
int e0/3
ip ospf 1 area 0
ip ospf priority 255
int loopback 0
ip ospf 1 area 0
exit



【R6】
conf t
router ospf 1
router-id 10.255.1.6
int range e0/0-1
ip ospf 1 area 0
ip ospf priority 255
int loopback 0
ip ospf 1 area 0
exit




【R4】
conf t
router ospf 1
router-id 10.255.1.4
int e0/2
ip ospf 1 area 0
ip ospf priority 255
int e0/0
ip ospf 1 area 0
int loopback 0
ip ospf 1 area 0
exit


【R9】
conf t
int range e0/0-1
no shutdown
router ospf 1
router-id 10.255.1.9
int range lo0,e0/0
ip ospf 1 area 0
exit
router ospf 20
network 10.254.0.61 0.0.0.0 area 0



【R7】
conf t
router ospf 1
router-id 10.255.1.7
int range lo0,e0/3
ip ospf 1 area 0
exit


【R5】
conf t
router ospf 1
router-id 10.255.1.5
int range lo0,e0/0-1
ip ospf 1 area 0
exit


【R3】
conf t
router ospf 1
router-id 10.255.1.3
int range lo0,e0/0,e0/2
ip ospf 1 area 0
exit


【R2】
conf t
router ospf 1
router-id 10.255.1.2
int loopback 0
ip ospf 1 area 0
int range e0/0-3, e1/0
ip ospf 1 area 0
ip ospf priority 254
exit


// R1上看 show ip ospf neighbor,五个邻居2、9、7、5、3都为BDR
// R2上看 show ip ospf neighbor,五个邻居1、10、8、6、4都为DR



//R17,R19,R20,R21做ospf 1的 area 51和 ip mtu 1400
【R17】
conf t
router ospf 1
default-information originate
area 51 stub no-summary
network 10.100.19.1 0.0.0.0 area 51
network 10.100.20.1 0.0.0.0 area 51
network 10.100.21.1 0.0.0.0 area 51
area 51 range 10.100.0.0 255.255.0.0
area 51 range 10.16.0.0 255.255.0.0
exit
int range tunnel 19-21
ip mtu 1400
ip ospf network point-to-point
exit


【R19】
conf t
router ospf 1
router-id 10.255.1.19
area 51 stub
network 10.255.1.19 0.0.0.0 area 51
network 10.16.1.1 0.0.0.0 area 51
network 10.100.19.2 0.0.0.0 area 51
exit
int tunnel 0
ip mtu 1400
ip ospf network point-to-point
exit


【R20】
conf t
router ospf 1
router-id 10.255.1.20
area 51 stub
network 10.255.1.20 0.0.0.0 area 51
network 10.16.2.1 0.0.0.0 area 51
network 10.100.20.2 0.0.0.0 area 51
exit
int tunnel 0
ip mtu 1400
ip ospf network point-to-point
exit


【R21】
conf t
router ospf 1
router-id 10.255.1.21
area 51 stub
network 10.255.1.21 0.0.0.0 area 51
network 10.16.3.1 0.0.0.0 area 51
network 10.100.21.2 0.0.0.0 area 51
exit
int tunnel 0
ip mtu 1400
ip ospf network point-to-point
exit





//sw10,R57,R56,R55做 ospf 10
【Sw10】
conf t
vlan 100
vlan 101
exit
router ospf 10
router-id 172.30.1.110
int range e0/2,vlan 100,vlan 101
ip ospf 10 a 0
exit


【R57】
conf t
int range e0/0-1
no shut
exit
router ospf 10
router-id 172.30.1.57
int range lo0,e0/1
ip ospf 10 a 0
exit


【R56】
conf t
router ospf 10
router-id 172.30.1.56
default-information originate always
int e0/0
ip ospf 10 a 0
exit


【R55】
conf t
router ospf 10
router-id 172.30.1.55
default-information originate always
int e0/0
ip ospf 10 a 0
exit



//////////////R54-R50 做ospf 20
【R54】
conf t
int range e0/0-1
no shutdown
exit
router ospf 20
router-id 172.30.1.54
int range lo0,e0/0-1
ip ospf 20 a 0
exit


【R53】
conf t
int range e0/0-1
no shutdown
exit
router ospf 20
router-id 172.30.1.53
int range lo0,e0/0-1
ip ospf 20 a 0
exit


【R50】
conf t
router ospf 20
router-id 172.30.1.50
int range lo0,e0/0
ip ospf 20 a 0
exit


【R51】
conf t
router ospf 20
router-id 172.30.1.51
int range lo0,e0/0
ip ospf 20 a 0
exit


【R52】 //在R50上show ip route 52.52.52.52看tag 1000
! R52: OSPF process 20 on lo0 and e0/0, plus a filtered redistribution of one
! connected interface.
conf t
router ospf 20
router-id 172.30.1.52
int range lo0,e0/0
ip ospf 20 a 0
exit

! route-map con has a single permit clause that matches only loopback 52.
! Any other connected route falls through to the implicit deny and is not
! redistributed.
route-map con
match int loopback 52
! Matched route is injected as external type 1, metric 100, tag 1000.
set metric-type type-1
set tag 1000
set metric 100
exit
router ospf 20
redistribute connected subnets route-map con
exit


//////////////sw11,R58 做ospf 30
【Sw11】
conf t
vlan 100
vlan 101
exit
router ospf 30
router-id 172.30.1.111
int range lo0,vlan 100,vlan 101
ip ospf 30 a 0
exit



【R58】
conf t
router ospf 30
router-id 172.30.1.58
default-information originate always
int range lo0,e0/0
ip ospf 30 a 0
exit





////在R9,R10上做tag 11 和tag 22
【R9】
! R9 mutual redistribution between OSPF 1 and OSPF 20, with tags used to stop
! a route from being fed back into the process it originally came from.
!
! OSPF 20 -> OSPF 1: refuse anything already tagged 11 (it entered OSPF 20
! from OSPF 1), and stamp everything else with tag 22.
route-map tag11 deny 5
match tag 11
route-map tag11 permit 10
set tag 22
exit
router ospf 1
redistribute ospf 20 subnets route-map tag11
exit

! OSPF 1 -> OSPF 20: refuse anything already tagged 22 (it entered OSPF 1
! from OSPF 20), and stamp everything else with tag 11.
route-map tag22 deny 5
match tag 22
route-map tag22 permit 10
set tag 11
exit
router ospf 20
redistribute ospf 1 subnets route-map tag22
exit




【R10】
! R10 mutual redistribution between OSPF 1 and OSPF 20; same tag scheme as R9,
! so a route redistributed by one router is rejected by the other on the way back.
!
! OSPF 20 -> OSPF 1: refuse anything already tagged 11, tag the rest 22.
route-map tag11 deny 5
match tag 11
route-map tag11 permit 10
set tag 22
exit
router ospf 1
redistribute ospf 20 subnets route-map tag11
exit

! OSPF 1 -> OSPF 20: refuse anything already tagged 22, tag the rest 11.
route-map tag22 deny 5
match tag 22
route-map tag22 permit 10
set tag 11
exit
router ospf 20
redistribute ospf 1 subnets route-map tag22
exit


三 【BGP】

//show ip bgp summary  查看bgp路由
show run | begin r bgp
show run | begin r ospf



2.3需求 bgp
【R1】
! R1 is the iBGP route reflector for AS 65001. All clients share one peer-group
! so the session policy is written once.
conf t
router bgp 65001
bgp router-id 10.255.1.1
neighbor ibgp peer-group
neighbor ibgp remote-as 65001
! Sessions are sourced from loopback 0, so they survive the loss of any single link.
neighbor ibgp update-source loopback 0
neighbor ibgp next-hop-self
neighbor ibgp route-reflector-client
! Core routers R2-R10.
neighbor 10.255.1.2 peer-group ibgp
neighbor 10.255.1.3 peer-group ibgp
neighbor 10.255.1.4 peer-group ibgp
neighbor 10.255.1.5 peer-group ibgp
neighbor 10.255.1.6 peer-group ibgp
neighbor 10.255.1.7 peer-group ibgp
neighbor 10.255.1.8 peer-group ibgp
neighbor 10.255.1.9 peer-group ibgp
neighbor 10.255.1.10 peer-group ibgp

! R50-R54, addressed by the router-ids they use in OSPF 20.
neighbor 172.30.1.50 peer-group ibgp
neighbor 172.30.1.51 peer-group ibgp
neighbor 172.30.1.52 peer-group ibgp
neighbor 172.30.1.53 peer-group ibgp
neighbor 172.30.1.54 peer-group ibgp
exit




【R2】
conf t
router bgp 65001
bgp router-id 10.255.1.2
neighbor 10.255.1.1 remote-as 65001
neighbor 10.255.1.1 update-source loopback 0
neighbor 10.255.1.1 next-hop-self
exit



【R3】
conf t
router bgp 65001
bgp router-id 10.255.1.3
neighbor 10.255.1.1 remote-as 65001
neighbor 10.255.1.1 update-source loopback 0
neighbor 10.255.1.1 next-hop-self
neighbor 10.254.0.74 remote-as 65002
exit


【R4】
conf t
router bgp 65001
bgp router-id 10.255.1.4
neighbor 10.255.1.1 remote-as 65001
neighbor 10.255.1.1 update-source loopback 0
neighbor 10.255.1.1 next-hop-self
neighbor 10.254.0.78 remote-as 65002
exit



【R5】
conf t
router bgp 65001
bgp router-id 10.255.1.5
neighbor 10.255.1.1 remote-as 65001
neighbor 10.255.1.1 update-source loopback 0
neighbor 10.255.1.1 next-hop-self
neighbor 10.254.0.42 remote-as 65002
exit


【R6】
conf t
router bgp 65001
bgp router-id 10.255.1.6
neighbor 10.255.1.1 remote-as 65001
neighbor 10.255.1.1 update-source loopback 0
neighbor 10.255.1.1 next-hop-self
neighbor 10.254.0.46 remote-as 65002
exit


【R7】
conf t
router bgp 65001
bgp router-id 10.255.1.7
neighbor 10.255.1.1 remote-as 65001
neighbor 10.255.1.1 update-source loopback 0
neighbor 10.255.1.1 next-hop-self
neighbor 10.254.0.54 remote-as 65002
exit


【R8】
conf t
router bgp 65001
bgp router-id 10.255.1.8
neighbor 10.255.1.1 remote-as 65001
neighbor 10.255.1.1 update-source loopback 0
neighbor 10.255.1.1 next-hop-self
neighbor 10.254.0.58 remote-as 65002
exit


【R9】
conf t
router bgp 65001
bgp router-id 10.255.1.9
neighbor 10.255.1.1 remote-as 65001
neighbor 10.255.1.1 update-source loopback 0
neighbor 10.255.1.1 next-hop-self
exit



【R10】
conf t
router bgp 65001
bgp router-id 10.255.1.10
neighbor 10.255.1.1 remote-as 65001
neighbor 10.255.1.1 update-source loopback 0
neighbor 10.255.1.1 next-hop-self
exit



【R53】
router bgp 65001
bgp router-id 172.30.1.53
neighbor 10.255.1.1 remote-as 65001
neighbor 10.255.1.1 update-source loopback 0
neighbor 10.255.1.1 next-hop-self
exit



【R54】
router bgp 65001
bgp router-id 172.30.1.54
neighbor 10.255.1.1 remote-as 65001
neighbor 10.255.1.1 update-source loopback 0
neighbor 10.255.1.1 next-hop-self
exit


【R50】
! R50: iBGP client of the R1 route reflector, plus one eBGP session to AS 65005.
router bgp 65001
bgp router-id 172.30.1.50
neighbor 10.255.1.1 remote-as 65001
neighbor 10.255.1.1 update-source loopback 0
neighbor 10.255.1.1 next-hop-self
neighbor 172.18.253.2 remote-as 65005
! local-as makes R50 present itself as AS 65006 to this peer instead of 65001;
! the AS 65005 routers on this page are configured with remote-as 65006 to match.
! NOTE(review): no `neighbor ... password` or `neighbor ... ttl-security` line
! protects this external session in the listing. Confirm whether the task expects one.
neighbor 172.18.253.2 local-as 65006
exit



【R51】
router bgp 65001
bgp router-id 172.30.1.51
neighbor 10.255.1.1 remote-as 65001
neighbor 10.255.1.1 update-source loopback 0
neighbor 10.255.1.1 next-hop-self
neighbor 172.18.253.6 remote-as 65005
neighbor 172.18.253.6 local-as 65006
exit



【R52】
router bgp 65001
bgp router-id 172.30.1.52
neighbor 10.255.1.1 remote-as 65001
neighbor 10.255.1.1 update-source loopback 0
neighbor 10.255.1.1 next-hop-self
neighbor 172.17.253.21 remote-as 65007
neighbor 172.17.253.21 local-as 65006
exit




【R11】
! R11: AS 65002 edge router with an iBGP session to R12 and an eBGP session to
! AS 65001.
conf t
router bgp 65002
bgp router-id 10.255.1.11
neighbor 10.255.1.12 remote-as 65002
neighbor 10.255.1.12 update-source loopback 0
neighbor 10.255.1.12 next-hop-self
neighbor 10.254.0.53 remote-as 65001
! allowas-in accepts updates whose AS_PATH already contains 65002. This
! switches off the normal AS-path loop check for this peer, so loop prevention
! depends on the redistribution filters configured elsewhere.
neighbor 10.254.0.53 allowas-in
! Both internal and external OSPF routes are injected into BGP.
redistribute ospf 1 match internal external
! Only the 10.1.0.0/16 aggregate is advertised; more-specific routes inside it
! are suppressed.
aggregate-address 10.1.0.0 255.255.0.0 summary-only
exit



【R12】
conf t
router bgp 65002
bgp router-id 10.255.1.12
neighbor 10.255.1.11 remote-as 65002
neighbor 10.255.1.11 update-source loopback 0
neighbor 10.255.1.11 next-hop-self
neighbor 10.254.0.57 remote-as 65001
neighbor 10.254.0.57 allowas-in
redistribute ospf 1 match internal external
aggregate-address 10.1.0.0 255.255.0.0 summary-only
exit


【R13】
conf t
router bgp 65002
bgp router-id 10.255.1.13
neighbor 10.255.1.14 remote-as 65002
neighbor 10.255.1.14 update-source loopback 0
neighbor 10.255.1.14 next-hop-self
neighbor 10.254.0.41 remote-as 65001
neighbor 10.254.0.41 allowas-in
redistribute ospf 1 match internal external
aggregate-address 10.3.0.0 255.255.0.0 summary-only
exit



【R14】
conf t
router bgp 65002
bgp router-id 10.255.1.14
neighbor 10.255.1.13 remote-as 65002
neighbor 10.255.1.13 update-source loopback 0
neighbor 10.255.1.13 next-hop-self
neighbor 10.254.0.45 remote-as 65001
neighbor 10.254.0.45 allowas-in
redistribute ospf 1 match internal external
aggregate-address 10.3.0.0 255.255.0.0 summary-only
exit



【R15】
conf t
router ospf 1
redistribute bgp 65002 subnets
exit

router bgp 65002
bgp router-id 10.255.1.15
neighbor 10.255.1.16 remote-as 65002
neighbor 10.255.1.16 update-source loopback 0
neighbor 10.255.1.16 next-hop-self
neighbor 10.254.0.73 remote-as 65001
neighbor 10.254.0.73 allowas-in
neighbor 10.254.0.73 default-originate
redistribute ospf 1 match internal external
aggregate-address 10.2.0.0 255.255.0.0 summary-only
exit



【R16】
conf t
router ospf 1
redistribute bgp 65002 subnets
exit

router bgp 65002
bgp router-id 10.255.1.16
neighbor 10.255.1.15 remote-as 65002
neighbor 10.255.1.15 update-source loopback 0
neighbor 10.255.1.15 next-hop-self
neighbor 10.254.0.77 remote-as 65001
neighbor 10.254.0.77 allowas-in
neighbor 10.254.0.77 default-originate
redistribute ospf 1 match internal external
aggregate-address 10.2.0.0 255.255.0.0 summary-only
exit




//////2.6需求:R18、R57、R55、R56、R58、Sw10、Sw11
【R18】
conf t
router bgp 65002
bgp router-id 10.255.1.18
neighbor 10.2.0.46 remote-as 65005
redistribute ospf 1 match internal external
aggregate-address 10.0.0.0 255.0.0.0 summary-only
exit



【R57】
conf t
router bgp 65005
bgp router-id 172.30.1.57
neighbor 10.2.0.45 remote-as 65002
redistribute ospf 10 match internal external
aggregate-address 172.0.0.0 255.0.0.0 summary-only
exit




【R55】
conf t
router bgp 65005
bgp router-id 172.30.1.55
neighbor 172.30.1.56 remote-as 65005
neighbor 172.30.1.56 update-source loopback0
neighbor 172.30.1.56 next-hop-self
neighbor 172.18.253.1 remote-as 65006
redistribute ospf 10 match internal external
aggregate-address 172.18.0.0 255.255.0.0 summary-only
exit


【R56】
conf t
router bgp 65005
bgp router-id 172.30.1.56
neighbor 172.30.1.55 remote-as 65005
neighbor 172.30.1.55 update-source loopback0
neighbor 172.30.1.55 next-hop-self
neighbor 172.18.253.5 remote-as 65006
redistribute ospf 10 match internal external
aggregate-address 172.18.0.0 255.255.0.0 summary-only
exit



【R58】
conf t
router bgp 65007
bgp router-id 172.30.1.58
neighbor 172.17.253.22 remote-as 65006
redistribute ospf 30 match internal external
aggregate-address 172.17.0.0 255.255.0.0 summary-only
exit

四 【前缀列表】


重发布:
(deny 5 match tag 11)防止ospf 20二次重发布进入ospf 1
(deny 5 match tag 22)防止ospf 1二次重发布进入ospf 20



//////在R2,R54上 show ip route 10.255.1.1 看tag 22和tag 11
////// show ip route 172.30.1.50


2.8需求:
【R18】 //重发布会抑制明细路由,宣告网段不会
router bgp 65002
no redistribute ospf 1
network 10.2.100.0 mask 255.255.255.0
no aggregate-address 10.0.0.0 255.0.0.0 summary-only
aggregate-address 10.0.0.0 255.0.0.0
exit




【R57】 //重发布会抑制明细路由,宣告网段不会
router bgp 65005
no redistribute ospf 10
network 172.18.1.0 mask 255.255.255.0
no aggregate-address 172.0.0.0 255.0.0.0 summary-only
aggregate-address 172.0.0.0 255.0.0.0
exit



//R18、R57,写route-map通告收到的汇总路由进各自的IGP
//Sw10 show ip route 上看不到 OE2 10.0.0.0/8

【R18】
! R18: filter BGP -> OSPF 1 redistribution.
! The first entry has no ge/le, so it matches only the exact prefix 10.0.0.0/8
! (the aggregate configured for AS 65002 on this page). Everything else is
! permitted by the catch-all entry.
ip prefix-list nei deny 10.0.0.0/8
ip prefix-list nei permit 0.0.0.0/0 le 32
route-map nei permit 10
match ip address prefix-list nei
router ospf 1
redistribute bgp 65002 subnets route-map nei
exit


//Sw10 show ip route 上看不到172.0.0.0/8
【R57】
! R57: filter BGP -> OSPF 10 redistribution.
! The first entry has no ge/le, so it matches only the exact prefix 172.0.0.0/8
! (the aggregate configured for AS 65005 on this page). Everything else is
! permitted by the catch-all entry.
ip prefix-list nei deny 172.0.0.0/8
ip prefix-list nei permit 0.0.0.0/0 le 32
route-map nei permit 10
match ip address prefix-list nei
router ospf 10
redistribute bgp 65005 subnets route-map nei
exit




//R55、R56做内,外的策略,命令一样
【R55】
! R55: two filters, one per redistribution direction.
!
! nei (BGP -> OSPF 10): keep this side's own aggregates 172.0.0.0/8 and
! 172.18.0.0/16 out of the IGP. Entries without ge/le match the exact prefix only.
ip prefix-list nei deny 172.0.0.0/8
ip prefix-list nei deny 172.18.0.0/16
ip prefix-list nei permit 0.0.0.0/0 le 32
route-map nei permit 10
match ip address prefix-list nei
exit
router ospf 10
redistribute bgp 65005 subnets route-map nei
exit

! wai (OSPF 10 -> BGP): do not re-advertise 10.0.0.0/8 or 10.2.100.0/24, the
! two prefixes R18 originates on this page, back into BGP.
ip prefix-list wai deny 10.0.0.0/8
ip prefix-list wai deny 10.2.100.0/24
ip prefix-list wai permit 0.0.0.0/0 le 32
route-map wai permit 10
match ip address prefix-list wai
exit
router bgp 65005
redistribute ospf 10 match internal external route-map wai
exit

【R56】
! R56: same two filters as R55, one per redistribution direction.
!
! nei (BGP -> OSPF 10): keep this side's own aggregates 172.0.0.0/8 and
! 172.18.0.0/16 out of the IGP. Entries without ge/le match the exact prefix only.
ip prefix-list nei deny 172.0.0.0/8
ip prefix-list nei deny 172.18.0.0/16
ip prefix-list nei permit 0.0.0.0/0 le 32
route-map nei permit 10
match ip address prefix-list nei
exit
router ospf 10
redistribute bgp 65005 subnets route-map nei
exit

! wai (OSPF 10 -> BGP): do not re-advertise 10.0.0.0/8 or 10.2.100.0/24, the
! two prefixes R18 originates on this page, back into BGP.
ip prefix-list wai deny 10.0.0.0/8
ip prefix-list wai deny 10.2.100.0/24
ip prefix-list wai permit 0.0.0.0/0 le 32
route-map wai permit 10
match ip address prefix-list wai
exit
router bgp 65005
redistribute ospf 10 match internal external route-map wai
exit



//R15、R16做内,外的策略,命令一样
【R15】
! R15: two filters, one per redistribution direction.
!
! nei (BGP -> OSPF 1): keep the 10.x aggregates listed below out of the IGP.
! Entries without ge/le match the exact prefix only.
ip prefix-list nei deny 10.0.0.0/8
ip prefix-list nei deny 10.2.0.0/16
ip prefix-list nei deny 10.16.0.0/16
ip prefix-list nei deny 10.100.0.0/16
ip prefix-list nei permit 0.0.0.0/0 le 32
route-map nei permit 10
match ip address prefix-list nei
exit
router ospf 1
redistribute bgp 65002 subnets route-map nei

! wai (OSPF 1 -> BGP): do not re-advertise the other side's prefixes.
! NOTE(review): 10.18.1.0/24 appears nowhere else on this page. R57 originates
! 172.18.1.0/24, and the matching list on R55/R56 denies the peer's network
! statement prefix. This entry may have been meant as 172.18.1.0/24; confirm
! before relying on it.
ip prefix-list wai deny 172.0.0.0/8
ip prefix-list wai deny 10.18.1.0/24
ip prefix-list wai permit 0.0.0.0/0 le 32
route-map wai permit 10
match ip address prefix-list wai
exit
router bgp 65002
redistribute ospf 1 match internal external route-map wai
exit


【R16】
! R16: same two filters as R15, one per redistribution direction.
!
! nei (BGP -> OSPF 1): keep the 10.x aggregates listed below out of the IGP.
! Entries without ge/le match the exact prefix only.
ip prefix-list nei deny 10.0.0.0/8
ip prefix-list nei deny 10.2.0.0/16
ip prefix-list nei deny 10.16.0.0/16
ip prefix-list nei deny 10.100.0.0/16
ip prefix-list nei permit 0.0.0.0/0 le 32
route-map nei permit 10
match ip address prefix-list nei
exit
router ospf 1
redistribute bgp 65002 subnets route-map nei

! wai (OSPF 1 -> BGP): do not re-advertise the other side's prefixes.
! NOTE(review): 10.18.1.0/24 appears nowhere else on this page. R57 originates
! 172.18.1.0/24, and the matching list on R55/R56 denies the peer's network
! statement prefix. This entry may have been meant as 172.18.1.0/24; confirm
! before relying on it.
ip prefix-list wai deny 172.0.0.0/8
ip prefix-list wai deny 10.18.1.0/24
ip prefix-list wai permit 0.0.0.0/0 le 32
route-map wai permit 10
match ip address prefix-list wai
exit
router bgp 65002
redistribute ospf 1 match internal external route-map wai
exit


//做测试:R101上
conf t
int e0/0
ip add 10.2.100.200 255.255.255.0
exit
ip route 0.0.0.0 0.0.0.0 10.2.100.253
exit

R101#ping 10.2.100.253 //ping通即可测试

R101#traceroute 172.18.1.254 source ethernet 0/0 probe 1
1 10.2.100.253 1024 msec
2 10.2.0.14 2 msec
3 10.2.0.42 7 msec
4 10.2.0.46 3 msec
5 172.18.2.254 3 msec //5跳

R101#traceroute 172.18.2.254 source ethernet 0/0 probe 1
1 10.2.100.253 1009 msec
2 10.2.0.5 3 msec
3 10.254.0.73 4 msec
4 10.254.0.13 6 msec
5 10.254.0.18 5 msec
6 10.254.0.62 5 msec
7 172.30.100.1 6 msec
8 172.18.253.2 5 msec
9 172.18.254.254 16 msec //9跳


//测试完后no掉
conf t
no ip route 0.0.0.0 0.0.0.0 10.2.100.253
int e0/0
no ip address
ip address dhcp

五 【OSPFv3】

2.9需求 建ipv6
//show ipv6 int brief 查看ipv6接口


【Sw3】
! Sw3 OSPFv3 for IPv6 on VLANs 34, 153 and 100.
conf t
ipv6 unicast-routing
router ospfv3 1
router-id 10.255.1.103
address-family ipv6 unicast
! VLAN 100 is advertised but sends no hellos, so no adjacency can form on it.
passive-interface vlan 100
exit
int vlan 34
ospfv3 1 ipv6 area 0
int vlan 153
ospfv3 1 ipv6 area 0
int vlan 100
ospfv3 1 ipv6 area 0
! Router advertisements every 20 seconds, marked "high" preference. Sw4
! advertises "medium" on the same VLAN, so hosts choose Sw3 as default router.
ipv6 nd ra interval 20
ipv6 nd router-preference high
exit


【Sw4】
! Sw4 OSPFv3 for IPv6 on VLANs 34, 164 and 100.
conf t
ipv6 unicast-routing
router ospfv3 1
router-id 10.255.1.104
address-family ipv6 unicast
! VLAN 100 is advertised but sends no hellos, so no adjacency can form on it.
passive-interface vlan 100
exit
int vlan 34
ospfv3 1 ipv6 area 0
int vlan 164
ospfv3 1 ipv6 area 0
int vlan 100
ospfv3 1 ipv6 area 0
! Router advertisements every 20 seconds, marked "medium" preference. Sw3
! advertises "high" on the same VLAN, so hosts prefer Sw3 while it is up.
ipv6 nd ra interval 20
ipv6 nd router-preference medium
exit




【R15】
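! R15 OSPFv3 for IPv6 on e0/0 and e0/2.
conf t
ipv6 unicast-routing
router ospfv3 1
router-id 10.255.1.15
address-family ipv6 unicast
exit
! One command under the range applies to both interfaces; the line does not
! need repeating per interface.
int range e0/0,e0/2
ospfv3 1 ipv6 area 0
exit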


【R16】
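! R16 OSPFv3 for IPv6 on e0/0 and e0/2.
conf t
ipv6 unicast-routing
router ospfv3 1
router-id 10.255.1.16
address-family ipv6 unicast
exit
! One command under the range applies to both interfaces; the line does not
! need repeating per interface.
int range e0/0,e0/2
ospfv3 1 ipv6 area 0
exit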


//***************************
2.10需求:HSRP,Sw3主网关,Sw4备
3.1需求 DHCP中继配置sw3,sw4,R15
3.3 VRRP Sw3和Sw4做VRRP、track
4.2 snooping安全sw3,sw4,sw5,sw6
//***************************
【Sw3】
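! Sw3 gateway services on VLAN 100: HSRPv2 for IPv6, VRRP for IPv4, DHCP relay,
! and uplink tracking. Sw3 is the intended primary for both protocols.
conf t
int vlan 100
standby version 2
standby 100 ipv6 FE80:100::1
standby 100 preempt
standby 100 timers 1 3
! 105 beats Sw4, which sets no HSRP priority on this page.
standby 100 priority 105

! Relay client DHCP broadcasts to R15, which holds the vlan100 pool.
int vlan 100
ip helper-address 10.255.1.15

! Track object 1 is up only while a default route is present in the routing table.
track 1 ip route 0.0.0.0/0 reachability
int vlan 100
vrrp 100 ip 10.2.100.1
vrrp 100 preempt
vrrp 100 timers advertise 2
! Losing the default route lowers both priorities by 20 (105 -> 85), which
! hands the gateway role to Sw4.
vrrp 100 track 1 decrement 20
standby 100 track 1 decrement 20
vrrp 100 priority 105
exit

! NOTE(review): this line only selects the VLAN. IOS does not start DHCP
! snooping until the global `ip dhcp snooping` command is also configured, and
! it is not in this listing. Before enabling it here, check how requests that
! SW5/SW6 forward with option 82 are treated on this switch's untrusted
! port-channels.
ip dhcp snooping vlan 100
int vlan 100
! Accept relayed requests that carry option 82 with a zero giaddr (as inserted
! by a snooping access switch) instead of discarding them.
ip dhcp relay information trust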



【Sw4】
! Sw4 gateway services on VLAN 100: HSRPv2 for IPv6, VRRP for IPv4, DHCP relay,
! and uplink tracking. No priority is set here, so Sw4 is the backup to Sw3
! (which uses 105).
conf t
int vlan 100
standby version 2
standby 100 ipv6 FE80:100::1
standby 100 preempt
standby 100 timers 1 3

! Relay client DHCP broadcasts to R15, which holds the vlan100 pool.
int vlan 100
ip helper-address 10.255.1.15

! Track object 1 is up only while a default route is present in the routing table.
track 1 ip route 0.0.0.0/0 reachability
int vlan 100
vrrp 100 ip 10.2.100.1
vrrp 100 preempt
vrrp 100 timers advertise 2
! Losing the default route lowers both priorities by 20.
vrrp 100 track 1 decrement 20
standby 100 track 1 decrement 20
exit

! NOTE(review): this line only selects the VLAN. IOS does not start DHCP
! snooping until the global `ip dhcp snooping` command is also configured, and
! it is not in this listing. Before enabling it here, check how requests that
! SW5/SW6 forward with option 82 are treated on this switch's untrusted
! port-channels.
ip dhcp snooping vlan 100
int vlan 100
! Accept relayed requests that carry option 82 with a zero giaddr (as inserted
! by a snooping access switch) instead of discarding them.
ip dhcp relay information trust



【R15】
! R15 DHCP server for VLAN 100. Clients get the VRRP virtual address
! 10.2.100.1 as their default gateway.
ip dhcp pool vlan100
default-router 10.2.100.1
network 10.2.100.0 255.255.255.0
exit
! Never lease the gateway addresses: .1 is the VRRP virtual IP, .253 and .254
! are the VLAN 100 addresses Sw3 and Sw4 advertise in OSPF on this page.
ip dhcp excluded-address 10.2.100.1
ip dhcp excluded-address 10.2.100.253
ip dhcp excluded-address 10.2.100.254



【Sw5】
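! Sw5 DHCP snooping for VLAN 100.
conf t
! Global enable: without it the per-VLAN command below does not start snooping.
ip dhcp snooping
ip dhcp snooping vlan 100
! Only the uplink bundle toward Sw3 is trusted, so DHCP server replies are
! accepted there and dropped on every other port.
int port-channel 35
ip dhcp snooping trust
exit
! On untrusted ports, drop DHCP packets whose source MAC does not match the
! client hardware address inside the DHCP payload.
ip dhcp snooping verify mac-address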


【Sw6】
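! Sw6 DHCP snooping for VLAN 100.
conf t
! Global enable: without it the per-VLAN command below does not start snooping.
ip dhcp snooping
ip dhcp snooping vlan 100
! Only the uplink bundle toward Sw4 is trusted, so DHCP server replies are
! accepted there and dropped on every other port.
int port-channel 46
ip dhcp snooping trust
exit
! On untrusted ports, drop DHCP packets whose source MAC does not match the
! client hardware address inside the DHCP payload.
ip dhcp snooping verify mac-address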



3.2需求 R17作为网关做NAT
【R17】
! R17 as the NAT gateway: e0/0 is the outside interface; e0/1 and tunnels
! 19-21 are inside.
conf t
int e0/0
ip nat outside
int range e0/1,Tunnel19-21
ip nat inside
exit
! Standard ACL 1 selects the source addresses that are translated.
! NOTE(review): 172.0.0.0/8 is wider than the 172.16.0.0/12 private block. It
! matches the 172.0.0.0/8 aggregate used elsewhere on this page; confirm the
! wide match is intended.
access-list 1 permit 10.0.0.0 0.255.255.255
access-list 1 permit 172.0.0.0 0.255.255.255
! Port address translation: all matched sources share the e0/0 address.
ip nat inside source list 1 int e0/0 overload

4.1 R17做TTL保护、命名扩展acl
【R17】
! R17 control-plane policy that drops packets arriving with TTL 0 or 1, so
! TTL-expiry handling cannot be used to load the router CPU.
!
! In this ACL "permit" means "classify into the drop class" and "deny" means
! "leave alone". OSPF and BGP (TCP port 179 in either direction) are exempted
! first because their packets can legitimately arrive with TTL 1.
ip access-list extended ttl
deny ospf any any
deny tcp any any eq bgp
deny tcp any eq bgp any
permit ip any any ttl eq 0
permit ip any any ttl eq 1
! Explicit form of the implicit deny: everything else is not classified.
deny ip any any
exit
class-map match-all ttl
match access-group name ttl
exit
policy-map ttl
class ttl
drop
end
conf t
! Applied inbound on the control plane, so only traffic handled by the
! router's CPU is affected.
! NOTE(review): any other protocol that reaches R17 with TTL 1 is dropped as
! well; confirm nothing else on this router depends on that.
control-plane
service-policy input ttl




******************
//////测试/////////
******************
在Sw1#ping 8.8.8.8
Sw2#ping 8.8.8.8
Sw10#ping 8.8.8.8
Sw11#ping 8.8.8.8
R19#ping 8.8.8.8

Sw3#show vrrp
Sw3#show track

Keep going,and keep trying...