Вторая большая лабораторная работа,
1)
conf t
SW4
conf t
spanning-tree mode rapid-pvst
interface Ethernet0/0
spanning-tree portfast edge trunk
interface Ethernet0/1
spanning-tree portfast edge trunk
!
SW3
conf t
spanning-tree mode rapid-pvst
spanning-tree vlan 1,3,5,7,9,23,67,89,109,201,203,211,213 priority 0
interface Ethernet0/0
spanning-tree portfast edge trunk
!
SW1
conf t
spanning-tree mode rapid-pvst
spanning-tree vlan 2,4,6,8,10,12,34,78,144,202,212,456 priority 0
interface Ethernet0/0
spanning-tree portfast edge trunk
interface Ethernet0/1
spanning-tree portfast edge trunk
interface Ethernet0/2
spanning-tree portfast edge trunk
interface Ethernet0/3
spanning-tree portfast edge trunk
interface Ethernet1/0
spanning-tree portfast edge trunk
!
SW2
conf t
spanning-tree mode rapid-pvst
spanning-tree vlan 2,4,6,8,10,12,34,78,144,202,212,456 priority 36864
interface Ethernet0/0
spanning-tree portfast edge trunk
interface Ethernet0/1
spanning-tree portfast edge trunk
2)
SW1
conf t
vtp file nvram://ccie.dat
vtp domain SW1
vtp mode off
SW2
conf t
vtp file nvram://ccie.dat
vtp domain SW2
vtp mode off
SW3
conf t
vtp file nvram://ccie.dat
vtp domain SW3
vtp mode off
SW4
conf t
vtp file nvram://ccie.dat
vtp domain SW4
vtp mode off
3)
SW1
conf t
int e0/0
switchport trunk allowed vlan add 12
R2
conf t
ip route 180.1.1.1 255.255.255.255 et0/1.12
SW4
conf t
int e0/1
no sh
R1
conf t
aaa new-model
aaa authentication login default local
aaa authorization exec default local
crypto key generate rsa modulus 1024
username cisco password 0 cisco
username cisco autocommand ssh -l ccie -p 9009 180.1.7.7
ip ssh port 3009 rotary 1
ip ssh version 2
line vty 3
rotary 1
transport input ssh
transport output ssh
R7
conf t
crypto key generate rsa modulus 1024
ip ssh port 9009 rotary 1
ip ssh version 2
username ccie nopassword
line vty 3
login local
rotary 1
transport input ssh
4)
SW1
conf t
int e1/0
switchport trunk allowed vlan add 109
R9
conf t
int e0/1.109
ip broadcast-address 188.1.109.255
ip rip v2-broadcast
int e0/1.89
ip rip v2-broadcast
router rip
no validate-update-source
ip route 188.1.89.8 255.255.255.255 Ethernet0/1.89
R10
conf t
int e0/1.109
ip broadcast-address 188.1.109.255
ip rip v2-broadcast
SW2
conf t
vlan 89
int e0/1
sw trunk allowed vlan add 89
R8
conf t
int e0/1.89
ip rip v2-broadcast
router rip
no validate-update-source
ip route 188.1.98.9 255.255.255.255 Ethernet0/1.89
R7
conf t
ip access-list extended C-3PO
5 permit udp host 188.1.78.8 host 224.0.0.9 eq rip
}
5)
R6
conf t
no service dhcp
no logging on
line con 0
escape-character 3
6)
R7
conf t
ip http server
ip http port 10001
R9
conf t
logging source-interface Loopback0
logging host 180.1.7.7 transport tcp port 10001
7)
R7
conf t
ip dhcp excluded-address 188.1.235.6 188.1.235.254
ip dhcp excluded-address 188.1.235.1 188.1.235.4
ip dhcp pool VLAN235
network 188.1.235.0 255.255.255.0
default-router 188.1.235.2
R2,R3
conf t
interface Ethernet0/1.235
ip helper-address 180.1.7.7
R5
conf t
interface e0/1.235
ip address dhcp
SW1
conf t
vlan 235
SW2
conf t
vlan 235
state active
8)
SW1
conf t
ip dhcp snooping vlan 235
interface Ethernet3/0
ip dhcp snooping trust
interface Ethernet1/0
ip dhcp snooping trust
SW2
conf t
ip dhcp snooping vlan 235
int e2/2
ip dhcp snooping trust
SW3
conf t
ip dhcp snooping vlan 235
int e2/2
ip dhcp snooping trust
9)
R10>R9>R8>R7>
SW1
conf t
vlan 67
no shut
R7
ip route 180.1.6.6 255.255.255.255 Ethernet0/1.67
R6
ip route 180.1.7.7 255.255.255.255 188.1.67.7
R2
no ip route 180.1.5.5 255.255.255.255 188.1.235.5
ip route 180.1.5.5 255.255.255.255 et0/1.235
R3
conf t
ip route 180.1.5.5 255.255.255.255 188.1.235.3
R4
conf t
ip route 180.1.5.5 255.255.255.255 Ethernet0/1.456
R5
conf t
int e0/1.456
no sh
tclsh
foreach IP {
180.1.1.1
180.1.2.2
180.1.3.3
180.1.4.4
180.1.5.5
180.1.6.6
180.1.7.7
180.1.8.8
180.1.9.9
180.1.10.10
} {ping $IP so l0
}
10)
class-map match-any ENT_VLAN
match vlan 212
match vlan 211
match vlan 213
class-map match-any BS_VLAN
match vlan 201
match vlan 202
match vlan 203
class-map match-all ENT_VOIP
match class-map ENT_VLAN
match access-group name VOIP
class-map match-all ENT_ICMP
match class-map ENT_VLAN
match access-group name ICMP
class-map match-all ENT_HTTP
match class-map ENT_VLAN
match access-group name HTTP
class-map match-all BS_VOIP
match class-map BS_VLAN
match access-group name ACL
class-map match-all BS_HTTP
match class-map BS_VLAN
match access-group name HTTP
class-map match-all BS_ICMP
match class-map BS_VLAN
match access-group name ICMP
class-map match-all ENT_NON_DEFAULT
match class-map ENT_VLAN
match not dscp default
end
policy-map IN_QOS
class BS_VOIP
set ip dscp ef
class BS_HTTP
set ip dscp af31
class BS_ICMP
set ip dscp af21
class ENT_VOIP
set ip dscp af41
class ENT_HTTP
set ip dscp af32
class ENT_ICMP
set ip dscp af11
class ENT_NON_DEFAULT
set ip dscp default
interface Ethernet0/1
service-policy input IN_QOS
R8, R9
class-map match-all AF41
match ip dscp af41
class-map match-all EF
match ip dscp ef
class-map match-all AF21
match ip dscp af31
class-map match-all AF31
match ip dscp af31
class-map match-all AF32
match ip dscp af32
class-map match-all AF11
match ip dscp af11
class-map match-all NON_DEFAULT
match not ip dscp default
policy-map ENT_QOS
class AF41
priority percent 10
class AF32
priority percent 5
class AF11
bandwidth percent 35
class class-default
no random-detect precedence-based
random-detect dscp-based
policy-map BS_QOS
class EF
priority percent 10
class AF31
priority percent 5
class AF21
bandwidth percent 35
class NON_DEFAULT
bandwidth percent 25
random-detect dscp-based
class-map match-any BS
match class-map EF
match class-map AF31
match class-map AF21
match class-map NON_DEFAULT
class-map match-any EN
match class-map AF41
match class-map AF32
match class-map AF11
policy-map OUT
class BS
shape average percent 70
service-policy BS_QOS
class EN
shape average percent 30
service-policy ENT_QOS
R7
class-map match-all AF41
match ip dscp af41
class-map match-all EF
match ip dscp ef
class-map match-all AF21
match ip dscp af31
class-map match-all AF31
match ip dscp af31
class-map match-all AF32
match ip dscp af32
class-map match-all AF11
match ip dscp af11
class-map match-all NON_DEFAULT
match not ip dscp default
class-map match-any EN
match class-map AF41
match class-map AF32
match class-map AF11
class-map match-any BS
match class-map EF
match class-map AF31
match class-map AF21
match class-map NON_DEFAULT
policy-map ENT_QOS
class AF41
priority percent 10
class AF32
priority percent 5
class AF11
bandwidth percent 35
class class-default
random-detect dscp-based
policy-map BS_QOS
class EF
priority percent 10
class AF31
priority percent 5
class AF21
bandwidth percent 35
class NON_DEFAULT
bandwidth percent 25
random-detect dscp-based
policy-map OUT72
class EN
bandwidth 50
service-policy ENT_QOS
class BS
bandwidth 50
service-policy BS_QOS
policy-map OUT72_TUN
class class-default
shape average percent 100
policy-map OUT73
class EN
bandwidth 40
service-policy ENT_QOS
class BS
bandwidth 60
service-policy BS_QOS
policy-map OUT73_TUN
class class-default
shape average percent 100
service-policy OUT73
policy-map OUT74
class EN
bandwidth 30
service-policy ENT_QOS
class BS
bandwidth 70
service-policy BS_QOS
policy-map OUT74_TUN
class class-default
shape average percent 100
service-policy OUT74
int t72
service-policy output OUT72_TUN
int t73
service-policy output OUT73_TUN
int t74
service-policy output OUT74_TUN
R2
policy-map OUT
class BS
shape average percent 50
service-policy BS_QOS
class EN
shape average percent 50
service-policy ENT_QOS
R3
policy-map OUT
class BS
shape average percent 60
service-policy BS_QOS
class EN
shape average percent 40
service-policy ENT_QOS
R4
policy-map OUT
class BS
shape average percent 70
service-policy BS_QOS
class EN
shape average percent 30
service-policy ENT_QOS
1)
conf t
SW4
conf t
spanning-tree mode rapid-pvst
interface Ethernet0/0
spanning-tree portfast edge trunk
interface Ethernet0/1
spanning-tree portfast edge trunk
!
SW3
conf t
spanning-tree mode rapid-pvst
spanning-tree vlan 1,3,5,7,9,23,67,89,109,201,203,211,213 priority 0
interface Ethernet0/0
spanning-tree portfast edge trunk
!
SW1
conf t
spanning-tree mode rapid-pvst
spanning-tree vlan 2,4,6,8,10,12,34,78,144,202,212,456 priority 0
interface Ethernet0/0
spanning-tree portfast edge trunk
interface Ethernet0/1
spanning-tree portfast edge trunk
interface Ethernet0/2
spanning-tree portfast edge trunk
interface Ethernet0/3
spanning-tree portfast edge trunk
interface Ethernet1/0
spanning-tree portfast edge trunk
!
SW2
conf t
spanning-tree mode rapid-pvst
spanning-tree vlan 2,4,6,8,10,12,34,78,144,202,212,456 priority 36864
interface Ethernet0/0
spanning-tree portfast edge trunk
interface Ethernet0/1
spanning-tree portfast edge trunk
2)
SW1
conf t
vtp file nvram://ccie.dat
vtp domain SW1
vtp mode off
SW2
conf t
vtp file nvram://ccie.dat
vtp domain SW2
vtp mode off
SW3
conf t
vtp file nvram://ccie.dat
vtp domain SW3
vtp mode off
SW4
conf t
vtp file nvram://ccie.dat
vtp domain SW4
vtp mode off
3)
SW1
conf t
int e0/0
switchport trunk allowed vlan add 12
R2
conf t
ip route 180.1.1.1 255.255.255.255 et0/1.12
SW4
conf t
int e0/1
no sh
R1
conf t
aaa new-model
aaa authentication login default local
aaa authorization exec default local
crypto key generate rsa modulus 1024
username cisco password 0 cisco
username cisco autocommand ssh -l ccie -p 9009 180.1.7.7
ip ssh port 3009 rotary 1
ip ssh version 2
line vty 3
rotary 1
transport input ssh
transport output ssh
R7
conf t
crypto key generate rsa modulus 1024
ip ssh port 9009 rotary 1
ip ssh version 2
username ccie nopassword
line vty 3
login local
rotary 1
transport input ssh
4)
SW1
conf t
int e1/0
switchport trunk allowed vlan add 109
R9
conf t
int e0/1.109
ip broadcast-address 188.1.109.255
ip rip v2-broadcast
int e0/1.89
ip rip v2-broadcast
router rip
no validate-update-source
ip route 188.1.89.8 255.255.255.255 Ethernet0/1.89
R10
conf t
int e0/1.109
ip broadcast-address 188.1.109.255
ip rip v2-broadcast
SW2
conf t
vlan 89
int e0/1
sw trunk allowed vlan add 89
R8
conf t
int e0/1.89
ip rip v2-broadcast
router rip
no validate-update-source
ip route 188.1.98.9 255.255.255.255 Ethernet0/1.89
R7
conf t
ip access-list extended C-3PO
5 permit udp host 188.1.78.8 host 224.0.0.9 eq rip
}
5)
R6
conf t
no service dhcp
no logging on
line con 0
escape-character 3
6)
R7
conf t
ip http server
ip http port 10001
R9
conf t
logging source-interface Loopback0
logging host 180.1.7.7 transport tcp port 10001
7)
R7
conf t
ip dhcp excluded-address 188.1.235.6 188.1.235.254
ip dhcp excluded-address 188.1.235.1 188.1.235.4
ip dhcp pool VLAN235
network 188.1.235.0 255.255.255.0
default-router 188.1.235.2
R2,R3
conf t
interface Ethernet0/1.235
ip helper-address 180.1.7.7
R5
conf t
interface e0/1.235
ip address dhcp
SW1
conf t
vlan 235
SW2
conf t
vlan 235
state active
8)
SW1
conf t
ip dhcp snooping vlan 235
interface Ethernet3/0
ip dhcp snooping trust
interface Ethernet1/0
ip dhcp snooping trust
SW2
conf t
ip dhcp snooping vlan 235
int e2/2
ip dhcp snooping trust
SW3
conf t
ip dhcp snooping vlan 235
int e2/2
ip dhcp snooping trust
9)
R10>R9>R8>R7>
SW1
conf t
vlan 67
no shut
R7
ip route 180.1.6.6 255.255.255.255 Ethernet0/1.67
R6
ip route 180.1.7.7 255.255.255.255 188.1.67.7
R2
no ip route 180.1.5.5 255.255.255.255 188.1.235.5
ip route 180.1.5.5 255.255.255.255 et0/1.235
R3
conf t
ip route 180.1.5.5 255.255.255.255 188.1.235.3
R4
conf t
ip route 180.1.5.5 255.255.255.255 Ethernet0/1.456
R5
conf t
int e0/1.456
no sh
tclsh
foreach IP {
180.1.1.1
180.1.2.2
180.1.3.3
180.1.4.4
180.1.5.5
180.1.6.6
180.1.7.7
180.1.8.8
180.1.9.9
180.1.10.10
} {ping $IP so l0
}
10)
class-map match-any ENT_VLAN
match vlan 212
match vlan 211
match vlan 213
class-map match-any BS_VLAN
match vlan 201
match vlan 202
match vlan 203
class-map match-all ENT_VOIP
match class-map ENT_VLAN
match access-group name VOIP
class-map match-all ENT_ICMP
match class-map ENT_VLAN
match access-group name ICMP
class-map match-all ENT_HTTP
match class-map ENT_VLAN
match access-group name HTTP
class-map match-all BS_VOIP
match class-map BS_VLAN
match access-group name ACL
class-map match-all BS_HTTP
match class-map BS_VLAN
match access-group name HTTP
class-map match-all BS_ICMP
match class-map BS_VLAN
match access-group name ICMP
class-map match-all ENT_NON_DEFAULT
match class-map ENT_VLAN
match not dscp default
end
policy-map IN_QOS
class BS_VOIP
set ip dscp ef
class BS_HTTP
set ip dscp af31
class BS_ICMP
set ip dscp af21
class ENT_VOIP
set ip dscp af41
class ENT_HTTP
set ip dscp af32
class ENT_ICMP
set ip dscp af11
class ENT_NON_DEFAULT
set ip dscp default
interface Ethernet0/1
service-policy input IN_QOS
R8, R9
class-map match-all AF41
match ip dscp af41
class-map match-all EF
match ip dscp ef
class-map match-all AF21
match ip dscp af31
class-map match-all AF31
match ip dscp af31
class-map match-all AF32
match ip dscp af32
class-map match-all AF11
match ip dscp af11
class-map match-all NON_DEFAULT
match not ip dscp default
policy-map ENT_QOS
class AF41
priority percent 10
class AF32
priority percent 5
class AF11
bandwidth percent 35
class class-default
no random-detect precedence-based
random-detect dscp-based
policy-map BS_QOS
class EF
priority percent 10
class AF31
priority percent 5
class AF21
bandwidth percent 35
class NON_DEFAULT
bandwidth percent 25
random-detect dscp-based
class-map match-any BS
match class-map EF
match class-map AF31
match class-map AF21
match class-map NON_DEFAULT
class-map match-any EN
match class-map AF41
match class-map AF32
match class-map AF11
policy-map OUT
class BS
shape average percent 70
service-policy BS_QOS
class EN
shape average percent 30
service-policy ENT_QOS
R7
class-map match-all AF41
match ip dscp af41
class-map match-all EF
match ip dscp ef
class-map match-all AF21
match ip dscp af31
class-map match-all AF31
match ip dscp af31
class-map match-all AF32
match ip dscp af32
class-map match-all AF11
match ip dscp af11
class-map match-all NON_DEFAULT
match not ip dscp default
class-map match-any EN
match class-map AF41
match class-map AF32
match class-map AF11
class-map match-any BS
match class-map EF
match class-map AF31
match class-map AF21
match class-map NON_DEFAULT
policy-map ENT_QOS
class AF41
priority percent 10
class AF32
priority percent 5
class AF11
bandwidth percent 35
class class-default
random-detect dscp-based
policy-map BS_QOS
class EF
priority percent 10
class AF31
priority percent 5
class AF21
bandwidth percent 35
class NON_DEFAULT
bandwidth percent 25
random-detect dscp-based
policy-map OUT72
class EN
bandwidth 50
service-policy ENT_QOS
class BS
bandwidth 50
service-policy BS_QOS
policy-map OUT72_TUN
class class-default
shape average percent 100
policy-map OUT73
class EN
bandwidth 40
service-policy ENT_QOS
class BS
bandwidth 60
service-policy BS_QOS
policy-map OUT73_TUN
class class-default
shape average percent 100
service-policy OUT73
policy-map OUT74
class EN
bandwidth 30
service-policy ENT_QOS
class BS
bandwidth 70
service-policy BS_QOS
policy-map OUT74_TUN
class class-default
shape average percent 100
service-policy OUT74
int t72
service-policy output OUT72_TUN
int t73
service-policy output OUT73_TUN
int t74
service-policy output OUT74_TUN
R2
policy-map OUT
class BS
shape average percent 50
service-policy BS_QOS
class EN
shape average percent 50
service-policy ENT_QOS
R3
policy-map OUT
class BS
shape average percent 60
service-policy BS_QOS
class EN
shape average percent 40
service-policy ENT_QOS
R4
policy-map OUT
class BS
shape average percent 70
service-policy BS_QOS
class EN
shape average percent 30
service-policy ENT_QOS
Комментариев нет:
Отправить комментарий