(1)按照要求配置路由器各个端口的IP地址,保证直连链路通。 (2)配置OSPF路由协议,保证OSPF各区域路由正常;
① 将区域2配置成nssa区域; R2:area 2 nssa no-sunmmary R4:area 2 nssa
② 区域0需要MD5认证,密码为cisco;区域2需要简单口令认证,密码ccna R1:
router ospf 1
area 0 authentication message-digest int s0/0
ip ospf message-digest-key 1 md5 cisco int e1/0
ip ospf message-digest-key 1 md5 cisco R2:
router ospf 1
area 0 authentication message-digest int s0/0
ip ospf message-digest-key 1 md5 cisco int e1/0
ip ospf message-digest-key 1 md5 cisco exit int s0/2
ip ospf authentication
ip ospf authentication-key ccna R4:
int s0/2
ip ospf authentication
ip ospf authentication-key ccna
③ R1的s0/0的hello interval 设置为5秒,dead-interval设置为20秒 int s0/0
ip ospf hell-interval 5 ip ospf dead-interval 20
④ 控制DR选举,使得R2没有机会成为DR. R2:
int e1/0
ip ospf priority 0
(3)配置RIP V2路由协议,KEYCHAIN名字为CCIE,路由器R1和R5采用MD5验证,key的ID为1,密码为cisco,路由器R4和R6采用明文验证,密码是cisco。 R1:
router rip version 2
network 192.15.1.0 network 1.1.1.0 no auto-summary
key chain CCIE key 1
key-string cisco exit
int e1/1
ip rip authentication key-chain CCIE R5:
router rip version 2
network 5.0.0.0 network 192.15.1.0 no auto-summary
key chain CCIE key 1
key-string cisco exit
int e1/0
ip rip authentication key-chain CCIE R4:
router rip version 2
network 192.46.1.0 no auto-summary exit
do sh ip route key chain CCIE key 1
key-string cisco exit
int e1/0
ip rip authentication key-chain CCIE R6:
router rip version 2
network 192.46.1.0 network 6.6.6.6 no auto-summary exit
key chain CCIE key 1
key-string cisco exit
int e1/0
ip rip authentication key-chain CCIE
(4)配置EIGRP路由协议,采用MD5验证,KEYCHAIN名字为EI,,key的ID为1,密码为cisco,并且关闭自动汇总。 R2:
key chain EI key 1
key-string cisco exit
router eigrp 1
network 192.23.1.2 0.0.0.0 no auto-summary exit
int s0/1
ip authentication mode eigrp 1 md5
ip authentication key-chain eigrp 1 EI R3:
router eigrp 1 no auto-summary
network 3.3.3.3 0.0.0.0 network 3.3.64.3 0.0.0.0 network 3.3.65.3 0.0.0.0 network 3.3.66.3 0.0.0.0 network 3.3.67.3 0.0.0.0
network 192.23.1.3 0.0.0.0 no auto-summary exit
key chain EI key 1
key-string cisco exit
int s0/1
ip authentication mode eigrp 1 md5
ip authentication key-chain eigrp 1 EI
(5)R1和R5配置EBGP路由协议,用环回接口做更新源,通告R5的L50和L55。在路由器R1上配置BGP属性,使得:
A: L50的as-path属性追加300 400 500 B: L55的起源为EGP 600
C:L50的local-preference值为2000 R1:
Router bgp 100
bgp router-id 1.1.1.1 no synchronization
neighbor 5.5.5.5 remote-as 500 neighbor 5.5.5.5 ebgp-multihop 255
neighbor 5.5.5.5 update-source Loopback0 neighbor 5.5.5.5 route-map BGP in exit
access-list 50 permit 50.50.50.0 access-list 55 permit 55.55.55.0 route-map BGP permit 10 match ip address 50
set local-preference 2000
set as-path prepend 300 400 500 !
route-map BGP permit 20 match ip address 55 set origin egp 600 R5:
router bgp 500
no synchronization bgp router-id 5.5.5.5
bgp log-neighbor-changes
network 50.50.50.0 mask 255.255.255.0 network 55.55.55.0 mask 255.255.255.0 neighbor 1.1.1.1 remote-as 100 neighbor 1.1.1.1 ebgp-multihop 255
neighbor 1.1.1.1 update-source Loopback0 no auto-summary
(6)在R1上向OSPF网络注入一条默认路由,并将OSPF网络重分布到BGP中,为了确保网络的
畅通,请在R5上配置一条指向192.15.1.1的默认路由。 R1:
router ospf 1
default-information originate always router bgp 100
redistribute ospf 1 R5:
ip route 0.0.0.0 0.0.0.0 192.15.1.1
(7)在路由器R2上执行EIGRP和OSPF的双向重分布:
① 将EIGRP路由重分布到OSPF时,用route-map实现,第三位为奇数的路由条目,类型为1,度量值为130,第三位为偶数的路由条目,类型为2,度量值为50,其他路由条目采用默认,不做控制。
② 将OSPF路由重分布到EIGRP。 R2:
access-list 1 permit 3.3.0.0 0.0.254.0 access-list 2 permit 3.3.1.0 0.0.254.0
route-map test permit 10 match ip address 1 set metric 50 exit
route-map test permit 20 match ip address 2 set metric 130
set metric-type type-1 exit
route-map test permit 30 exit
router ospf 1
redistribute eigrp 1 subnets route-map test exit
router eigrp 1
redistribute ospf 1 metric 100000 100 255 1 1500 exit
(8)在路由器R4上执行RIP和OSPF的双向重分布,RIP重分布到OSPF参数均采用默认,OSPF重分布到RIP中,metric为5。 R4:
router ospf 1
redistribute rip subnets
exit
router rip
redistribute ospf 1 metric 5 exit
(9)将R6配置成DHCP服务器,具体如下:DHCP:网络:172.1.1.0/24 默认网关:172.1.1.1 域名:cisco.com ,地址排除:172.1.1.1-172.1.1.5(不需要测试)。
R6:
ip dhcp excluded-address 172.1.1.1 172.1.1.5 ip dhcp pool test
network 172.1.1.0 255.255.255.0 default-router 172.1.1.1 domain-name cisco.com
(10)配置RIPng 或者OSPFv3协议,保证IPv6路由通。OSPF v3用MD5或者sha1的验证。 R6:
ipv6 router ospf 1 router-id 6.6.6.6
area 0 authentication ipsec spi 2346 sha1 0123456789012345678901234567890123456789
(11)在R1上配置策略路由,使从R5方向来的HTTP数据流走R1的s0/0接口,使从R5方向来的TELNET和FTP数据流走R1的F2/0接口。 R1:
access-list 110 remark HTTP
access-list 110 permit tcp any any eq www access-list 120 remark FTP and TELNET access-list 120 permit tcp any any eq telnet access-list 120 permit tcp any any eq ftp-data
access-list 120 permit tcp any any eq ftp route-map ABC permit 10 match ip address 110 set interface Serial0/0
exit
route-map ABC permit 20 match ip address 120 set interface Ethernet1/0 exit int e1/1
ip policy route-map ABC